Documentation Home
MySQL 9.0 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 40.0Mb
PDF (A4) - 40.1Mb
Man Pages (TGZ) - 259.0Kb
Man Pages (Zip) - 366.2Kb
Info (Gzip) - 4.0Mb
Info (Zip) - 4.0Mb


MySQL 9.0 Reference Manual  /  ...  /  Elements of MySQL Enterprise Firewall

8.4.7.1 Elements of MySQL Enterprise Firewall

MySQL Enterprise Firewall is based on a plugin library that includes these elements:

  • A server-side plugin named MYSQL_FIREWALL examines SQL statements before they execute and, based on the registered firewall profiles, renders a decision whether to execute or reject each statement.

  • The MYSQL_FIREWALL plugin, along with server-side plugins named MYSQL_FIREWALL_USERS and MYSQL_FIREWALL_WHITELIST implement Performance Schema and INFORMATION_SCHEMA tables that provide views into the registered profiles.

  • Profiles are cached in memory for better performance. Tables in the firewall database provide backing storage of firewall data for persistence of profiles across server restarts. The firewall database can be the mysql system database or a custom schema (see Installing MySQL Enterprise Firewall).

  • Stored procedures perform tasks such as registering firewall profiles, establishing their operational mode, and managing transfer of firewall data between the cache and persistent storage.

  • Administrative functions provide an API for lower-level tasks such as synchronizing the cache with persistent storage.

  • System variables enable firewall configuration and status variables provide runtime operational information.

  • The FIREWALL_ADMIN and FIREWALL_USER privileges enable users to administer firewall rules for any user, and their own firewall rules, respectively.

  • The FIREWALL_EXEMPT privilege exempts a user from firewall restrictions. This is useful, for example, for any database administrator who configures the firewall, to avoid the possibility of a misconfiguration causing even the administrator to be locked out and unable to execute statements.