Saturday, October 9, 2004

Hackproofing MySQL

MySQL claims to be the world's most popular open source database, and with good reason. It is free, runs on a wide variety of platforms, is relatively simple and easy to configure, and performs well even under significant load. Compared with some other popular database management systems, configuring it is quite simple, but there is still a sufficiently wide variety of security-relevant configuration issues to make securing it a challenge.



NGS Research has a brief whitepaper (PDF file) of common attacks on MySQL and the steps that a MySQL administrator can take to defend against them.



Topics covered in the whitepaper include:
  • MySQL versions and patching
  • MySQL in a network environment
  • Bugs In The Authentication Protocol
  • Historical Bugs
  • MySQL as a web back-end
  • SQL injection in MySQL (via UNION, SELECT, LOAD_FILE and more)
  • Local Attacks
  • Other MySQL features to be wary of

A MySQL Lockdown Checklist is also included.



Further MySQL security resources:
