What is MySQL Security?
MySQL’s popularity as an open-source relational database management system (or RDBMS) is prolific within the data world. In fact, it’s the system of choice for some of the world’s favorite websites and web applications including Facebook, Twitter, YouTube, WordPress, and phpBB to name only a few.
As you can imagine, with so much data and a wide variety of consumer applications, it is vital to keep this data secure. Whether you’re new to MySQL or need a refresher, consider this a useful crash course to ensuring the safety of your MySQL databases – not to mention the private data your clients and customers entrust your business to safeguard.
In this article, you will learn about:
Why Choose MySQL
While MySQL has been around since the mid-90s, it is one of the most popular database servers still used. As of writing, MySQL comes in two main flavors: the open-source MySQL Community Server and Oracle’s proprietary MySQL Enterprise Server.
Compared to other SQL and non-SQL databases, some of MySQL’s benefits include ease of use, scalability, customizability, high availability, platform- and interface-friendliness, and the open-source version’s license is cost-free.
However, MySQL isn’t without its drawbacks. These include a limitation on triggers (they cannot be defined on views) or, if you choose to use a storage engine other than InnoDB, MySQL will no longer comply completely with SQL standards.
Still, with its wide variety of plugins, tools, software availability, and cloud deployment options, MySQL continues to be a favorite among developers, especially within the web application space.
Common MySQL Security Threats
Like all databases that use the SQL language, MySQL has a few security threats in common with its sister platforms as well as a handful of unique ones. Here are some of the most common security threats originating from both inside and outside of your organization and how to address them.
Mismanagement of Account Access
One of the most common problems is assigning the wrong kinds of account access to users. Nothing is worse than treating every user as an administrator or giving them powerful privileges such as access to root accounts. In the hands of malicious actors (or even well-meaning users prone to accidents), that kind of power can cripple your database and ruin the data along with it.
Establish this habit if you haven’t already: give every user the least amount of privileges needed to do their work within the database. Moreover, keep access to important features such as the user table within the mysql system database to root accounts only.
It goes without saying that a weak password is an easy target for hackers. A simple way to mitigate the risks associated with passwords is to keep them strong and robust.
Make it common practice to use passwords with at least 15 characters containing a mixture of letters, numbers, and symbols. Similarly, avoid simplistic passwords that can be found in dictionaries as hackers love to try those first. Finally, add extra protection by encrypting your passwords using different hashing functions such as MD5() or SHA2().
One of the most common brute force attacks on a MySQL database is distributed denial of service (or DDoS) attacks. Attackers use multiple accounts to overwhelm the database with fake queries in rapid succession. The purpose of this kind of attack is to slow down and eventually crash the database.
A few ways to mitigate DDoS attacks are by limiting maximum connections, disabling persistent connections, and closing opened connections that result in code errors.
It goes without saying that in a normal deployment, you should not even expose your database to the world. Then, DDoS mitigations can also be applied at the application level.
SQL Injection Attacks
An SQL injection attack is when an attacker injects commands into query strings rather than flood the database with phony queries. These injected commands can cause damage to the database or even be used to corrupt or steal data outright.
One major way to avoid SQL injection attacks is by using application security measures such as parameterized queries when sending queries, as well as implementing proper input validation at the application level.
Remote Preauth User Enumeration
Data inputs that haven’t been properly sanitized can also cause remote preauth user enumeration vulnerabilities. These kinds of attacks are used to validate whether or not a certain user exists within the database so the attacker can identify accounts to use as points of entry. This is done by calling different usernames within the instance to get the database to throw an error. From there, the attack can validate if the account username exists and begin trying to force entry.
These kinds of attacks can be mitigated by ensuring all user-generated inputs are sanitized before being sent to the database.
Race condition (also known as a Time of Check to Time of Use or TOCTTOU attack) are when a system tries to perform multiple operations simultaneously instead of executing them in their correct sequence. This can also happen when two processes try to access the same resource at the same time, competing for it. TOCTTOU attacks can cause a variety of errors reading and writing data and can either lead to unintended behavior or to denial of service.
Because race condition attacks rely on processes trying to run out of sequence or compete for the same resources simultaneously, methods to protect against these attacks include avoiding share states, using thread synchronization, and serializing memory and storage access. Moreover, certain race condition issues can be resolved by performing atomic operations. With that in mind, it’s important to close any loopholes that might cause simultaneous calls to a single resource.
MySQL Security Configuration
Like other SQL-based databases, MySQL uses multiple security layers such as conditional access, database auditing, and encryption.
User accounts, the database itself, and the objects within it can all have defined privileges. For instance:
- Administrative privileges are global user permissions that allow users to have complete control over their MySQL databases.
- Non-root user privileges allow users to access the database; ideally, you should grant the least amount of privileges a certain user needs to do their job effectively within the database.
- Database privileges can apply either globally to all databases within your server or granted to specific databases.
- Object privileges apply to database objects such as indexes, views, routines, and others and can be granted specific or global privileges as well.
These can be further augmented through the use of data masking and row-level security.
Depending on what you use MySQL for, there are a variety of plugins and methods to audit your database. For instance, ClusterControl for MySQL automates security audits across your database whereas Cloud SQL for MySQL has its own audit plugin relating to cloud security. Before trying out every plugin, define what you need to audit and at what levels (server, database, user, etc.) to maximize effectiveness.
MySQL protects sensitive data access by way of encryption. This can be done either by obscuring the container the data is held in or encrypting the data itself. Some MySQL Enterprise encryption tools include:
- Asymmetric Public Key Encryption/Decryption
- Symmetric Public and Private Key Pairs
- Public/Private Key Generation
- Digital Signature Verification and Validation
- DSA, RSA, and DH-type Encryption Algorithms
- Transparent Data Encryption
MySQL Security Best Practices
In addition to some of the solutions we outlined alongside common security threats, here are seven MySQL security best practices to consider.
1. Remove Default Accounts, Port Mappings, and Other Settings
MySQL does a great job getting you started when setting up your database. However, these same quickstart features are sometimes best to change. An easy way to avoid this is by customizing your database and getting rid of the defaults. Some specific actions include:
- Remove the test database after installation – by default, all users have full access to it making it a popular target.
- Remove anonymous default accounts – MySQL creates some of these accounts on install that have no specific purpose.
- Change default port mappings – MySQL’s default port is 3306, and you may want to change it to prevent it from appearing in net-wise scans. Obviously, you should not have your database available to external networks outside of your VPC or company network.
2. Restrict Remote Access
Maintain network access only as per the minimum required. For example, if your MySQL accepts connection only from a certain application, make sure it can only communicate with that. In addition, make sure that all remote access by users is monitored and controlled (for example, when engineers are accessing production data to investigate issues).
3. Grant Users Only The Privileges They Need
Adhere to the principle of least privilege. It is common for users to have more privileges than they actually need. This is often done due to using common users instead of separate users, a bottleneck of access requests handled by the DBAs, or simply not revoking access after it’s no longer needed.
In addition to adding security risks, this can cause other problems like data corruption and other operational issues. Instead, grant users just enough privileges and access to do their jobs, and revoke it as soon as it’s not needed. There’s no need for salespeople to have access to HR records or for marketers to have access to their fellow employee’s SSNs.
Finally, be sure to adjust user privileges and access accordingly depending on their position, work, and need especially when they’re being changed to a new position or department within the organization.
4. Use Non-Root Accounts
Using a root account gives you complete control over the database. It’s a helpful tool but in the wrong hands can wreak havoc on your data security. Instead, create new accounts with specific, necessary permissions rather than relying on blanket root user roles.
5. Keep the Server Physically Secure
A point that’s often overlooked is making sure your servers are physically safe. A bad actor doesn’t need to go through all the remote steps if they can simply access the server manually by walking up to it. The obvious solution? Ensure the area you keep your server is secured and monitored constantly while granting access to only those who need to work on the server’s hardware.
Obviously, when the server is hosted (for example, by a public cloud provider such as AWS, GCP, or Azure), this is covered as part of their shared responsibility model.
6. Make Sure You Keep Proper Auditing & Monitoring
It’s important to keep access logs as they allow you to know who is accessing your data and exactly what actions they’re performing. This is important both for reporting as well as for security investigations. In addition to organizational requirements, certain laws such as HIPAA, GDPR, CPRA, and others make such audits mandatory – not to mention you risk costly fines if you don’t remain in compliance.
Be sure to audit and monitor the following in addition to what’s necessary based on local compliance laws:
- Server configuration and schema changes
- Change data capture (CDC)
- User access
- Login triggers
- Password strength
- Identification of modified or missing database objects, repeated login failures, or permission changes
7. Assess Your Database Security Regularly
With consistent software and configuration changes, security policy and user list changes, and the organizational needs of the database itself, it’s important to assess your database security regularly.
8. Use Storng Authentication Credentials And Encryption
When configuring authentication for you MySQL servers, make sure you are choosing strong authentication credentials that will make it infeasible for attackers to access them. This also means you need to take proper care on when you store authentication credentials (for example: use vaults for production credentials).
For more information about MySQL authentication visit our dedicated guide.
MySQL Security with Satori
Satori helps organizations streamline access to sensitive data stored on MySQL, as well as provision MySQL production servers access. In addition, Satori continuously discovers and maps sensitive data on your MySQL servers, and allows you to enable policies such as data masking in a fast and simple way.