Used in a video presentation for the database security course at Tarbiat Modares University of Tehran, reviewing some security aspects of the MySQL RDBMS.
1. Mysql security
Presentation for the Tarbiat Modares University Database Security classroom
Presented by:
Negar Ghani
Sepehr Damavandi
Professor:
Dr. Sadegh Dorri Nogoorani
First semester of 2020-2021
January 2021
4. Security Guidelines
● Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql
system database!
● Use the GRANT and REVOKE statements to control access to MySQL. Do not grant more
privileges than necessary. Never grant privileges to all hosts.
○ Try mysql -u root -h 127.0.0.1 -P 3306
○ Use the SHOW GRANTS and REVOKE statements
5. Making MySQL Secure Against Attackers
● When you connect to a MySQL server, you should use a password. The password is not
transmitted as cleartext over the connection.
● All other information is transferred as text that can be read by anyone who is able to watch the
connection. To protect it:
○ Use MySQL's internal SSL support.
○ Use SSH.
○ ssh ghani@mysql -L 3306:127.0.0.1:3306 -N
○ mysql --host=127.0.0.1 --port=3306 -u user -p
6. Client Programming Security Guidelines
● Applications that access MySQL should not trust any data entered by users.
● If an application generates a query like SELECT * FROM table WHERE ID=234 when a user enters
the value 234, the user can enter the value 234 OR 1=1 to cause the application to generate the
query SELECT * FROM table WHERE ID=234 OR 1=1.
● As a result, the server retrieves every row in the table.
● Correct way: SELECT * FROM table WHERE ID='234'. Anything extra the user enters then becomes part
of the string value instead of part of the SQL.
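The injection from this slide beside a server-side prepared statement, as an added example that is not part of the original presentation; the table `t` and its rows are constructed for the demonstration:

```sql
-- Added example (not from the slides). Table t and its rows are constructed here.
CREATE TABLE t (id INT PRIMARY KEY, owner VARCHAR(32));
INSERT INTO t VALUES (233, 'alice'), (234, 'bob'), (235, 'carol');

-- Vulnerable pattern: the application pastes user input into the statement text.
-- With the input "234 OR 1=1" the statement becomes the one below and returns all rows.
SELECT * FROM t WHERE id = 234 OR 1=1;

-- The slide's fix: quoting the constant makes the whole input a single string.
-- In a numeric comparison MySQL converts '234 OR 1=1' to 234 (with a truncation
-- warning), so only the intended row is returned.
SELECT * FROM t WHERE id = '234 OR 1=1';   -- returns the row for 234 only

-- Preferred: keep user input out of the statement text entirely. The value is
-- bound as a parameter, so it is never parsed as SQL.
PREPARE get_row FROM 'SELECT * FROM t WHERE id = ?';
SET @user_input = '234 OR 1=1';     -- what a user typed, treated purely as data
EXECUTE get_row USING @user_input;  -- still returns only the row for 234
DEALLOCATE PREPARE get_row;
```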
8. MySQL Access Control
MySQL access control involves two stages when you run a client program that connects to the server:
● Stage 1: The server accepts or rejects the connection based on your identity and whether you can
verify your identity by supplying the correct password.
● Stage 2: Assuming that you can connect, the server checks each statement you issue to determine
whether you have sufficient privileges to perform it.
9. Account Usernames and Passwords
● MySQL stores accounts in the user table of the mysql system database.
● An account is defined in terms of a user name and the client host or hosts from which the user can
connect to the server.
● To authenticate client connections for accounts that use built-in authentication methods, the
server uses passwords stored in the user table.
10. Privileges Provided by MySQL
● Administrative privileges enable users to manage operation of the MySQL server. These privileges
are global because they are not specific to a particular database.
● Database privileges apply to a database and to all objects within it. These privileges can be granted
for specific databases, or globally so that they apply to all databases.
● Privileges for database objects such as tables, indexes, views, and stored routines can be granted
for specific objects within a database, for all objects of a given type within a database (for example,
all tables in a database), or globally for all objects of a given type in all databases.
11. Grant Tables
● The mysql system database includes several grant tables that contain information about user
accounts and the privileges held by them
● user: User accounts, static global privileges, and other nonprivilege columns.
● db: Database-level privileges.
● tables_priv: Table-level privileges.
● columns_priv: Column-level privileges.
● default_roles: Default user roles.
● password_history: Password change history.
12. Specifying Account Names
● MySQL account names consist of a user name and a host name, which enables creation of distinct
accounts for users with the same user name who can connect from different hosts.
● Account name syntax is 'user_name'@'host_name'.
● An account name consisting only of a user name is equivalent to 'user_name'@'%'.
13. Access Control, Stage 1: Connection Verification
When you attempt to connect to a MySQL server, the server accepts or rejects the connection based on
these conditions:
● Your identity and whether you can verify it by supplying the proper credentials.
● Whether your account is locked or unlocked.
14. Access Control, Stage 2: Request Verification
After the server accepts a connection, it enters Stage 2 of access control.
● For each request that you issue through the connection, the server determines what operation you
want to perform, then checks whether your privileges are sufficient.
● This is where the privilege columns in the grant tables come into play. These privileges can come
from any of the user, global_grants, db, tables_priv, columns_priv, or procs_priv tables.
15. Adding Accounts, Assigning Privileges, and Dropping Accounts
● CREATE USER and DROP USER create and remove accounts.
● GRANT and REVOKE assign privileges to and revoke privileges from accounts.
● SHOW GRANTS displays account privilege assignments.
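A least-privilege account that ties together slides 4 (never grant to all hosts, protect the user table), 12 (account name syntax) and 15 (account statements), as an added example that is not part of the original presentation; the schema `appdb`, the account `app_user` and the `10.0.0.%` subnet are assumed placeholders:

```sql
-- Added example (not from the slides). appdb, app_user and 10.0.0.% are placeholders.

-- 'user_name'@'host_name': restrict where the account may connect from, instead
-- of the implicit 'app_user'@'%' that would accept connections from any host.
CREATE USER 'app_user'@'10.0.0.%' IDENTIFIED BY 'change-this-placeholder';

-- Grant only what the application needs, and only on its own schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_user'@'10.0.0.%';

-- Verify the effective grants (USAGE ON *.* plus the appdb grants).
SHOW GRANTS FOR 'app_user'@'10.0.0.%';

-- If DELETE is later no longer needed, take it back rather than re-creating the account.
REVOKE DELETE ON appdb.* FROM 'app_user'@'10.0.0.%';

-- Review who can read the mysql.user table; it should be administrators only.
SELECT User, Host FROM mysql.user WHERE Select_priv = 'Y';                 -- global SELECT
SELECT User, Host FROM mysql.db WHERE Db = 'mysql' AND Select_priv = 'Y';  -- schema-level
SELECT User, Host, Table_priv FROM mysql.tables_priv
 WHERE Db = 'mysql' AND Table_name = 'user';                                -- table-level

-- Decommission when done; DROP USER also removes all of the account's privileges.
DROP USER 'app_user'@'10.0.0.%';
```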
16. Reserved Accounts
During data directory initialization, MySQL creates user accounts that should be considered reserved:
● 'root'@'localhost': Used for administrative purposes. This account has all privileges, is a system
account, and can perform any operation.
● 'mysql.sys'@'localhost': Used as the DEFINER for sys schema objects. Use of the mysql.sys account
avoids problems that occur if a DBA renames or removes the root account. This account is locked
so that it cannot be used for client connections.
17. Reserved Accounts
● 'mysql.session'@'localhost': Used internally by plugins to access the server. This account is locked
so that it cannot be used for client connections. The account is a system account.
● 'mysql.infoschema'@'localhost': Used as the DEFINER for INFORMATION_SCHEMA views. Use of
the mysql.infoschema account avoids problems that occur if a DBA renames or removes the root
account. This account is locked so that it cannot be used for client connections.
18. Using Roles
A MySQL role is a named collection of privileges. Like user accounts, roles can have privileges granted to
and revoked from them.
● CREATE ROLE and DROP ROLE create and remove roles.
● GRANT and REVOKE assign privileges to, and revoke privileges from, user accounts and roles.
● SHOW GRANTS displays privilege and role assignments for user accounts and roles.
● SET DEFAULT ROLE specifies which account roles are active by default.
● SET ROLE changes the active roles within the current session.
● The CURRENT_ROLE() function displays the active roles within the current session.
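The role statements listed above worked through for a read-only and a read-write role, as an added example that is not part of the original presentation; the schema `appdb`, the roles and the account names are assumed placeholders:

```sql
-- Added example (not from the slides). appdb, the roles and the accounts are placeholders.
CREATE ROLE 'app_read', 'app_write';
GRANT SELECT ON appdb.* TO 'app_read';
GRANT INSERT, UPDATE, DELETE ON appdb.* TO 'app_write';

CREATE USER 'reporter'@'localhost' IDENTIFIED BY 'placeholder-1';
CREATE USER 'service'@'localhost'  IDENTIFIED BY 'placeholder-2';
GRANT 'app_read' TO 'reporter'@'localhost';
GRANT 'app_read', 'app_write' TO 'service'@'localhost';

-- A granted role is inactive until it is made a default role (or activated with SET ROLE).
SET DEFAULT ROLE ALL TO 'reporter'@'localhost', 'service'@'localhost';

-- Inside the service account's own session: drop to read-only for a reporting task.
SET ROLE 'app_read';
SELECT CURRENT_ROLE();   -- shows only `app_read`@`%`
SET ROLE DEFAULT;        -- back to both default roles

-- Audit what an account can actually do, with the role privileges expanded.
SHOW GRANTS FOR 'service'@'localhost' USING 'app_read', 'app_write';

-- Changing a role changes every account that holds it.
REVOKE DELETE ON appdb.* FROM 'app_write';
```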
19. Account Categories
System and Regular Accounts
● A user with the SYSTEM_USER privilege is a system user.
○ A system user can modify both system and regular accounts. A system account can be modified only by
system users with appropriate privileges, not by regular users.
● A user without the SYSTEM_USER privilege is a regular user.
○ A regular user with appropriate privileges can modify regular accounts, but not system accounts. A regular
account can be modified by both system and regular users with appropriate privileges.
20. Privilege Restriction Using Partial Revokes
Prior to MySQL 8.0.16, it is not possible to grant privileges that apply globally except for certain schemas.
As of MySQL 8.0.16, that is possible if the partial_revokes system variable is enabled.
Specifically, for users who have privileges at the global level, partial_revokes enables privileges for
specific schemas to be revoked while leaving the privileges in place for other schemas.
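A partial revoke in practice, as an added example that is not part of the original presentation; the account `auditor` is an assumed placeholder:

```sql
-- Added example (not from the slides). The auditor account is a placeholder.
SET PERSIST partial_revokes = ON;   -- required; otherwise the REVOKE below is rejected

CREATE USER 'auditor'@'localhost' IDENTIFIED BY 'placeholder';
GRANT SELECT ON *.* TO 'auditor'@'localhost';          -- read every schema...
REVOKE SELECT ON mysql.* FROM 'auditor'@'localhost';   -- ...except the grant tables

-- The partial revoke is listed as an explicit REVOKE line in the grants output.
SHOW GRANTS FOR 'auditor'@'localhost';

-- To remove the restriction, grant the privilege back at the schema level.
GRANT SELECT ON mysql.* TO 'auditor'@'localhost';
```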
21. When Privilege Changes Take Effect
If the mysqld server is started without the --skip-grant-tables option, it reads all grant table contents into
memory during its startup sequence. The in-memory tables become effective for access control at that
point.
If you modify the grant tables indirectly using an account-management statement, the server notices
these changes and loads the grant tables into memory again immediately.
● GRANT, REVOKE, SET PASSWORD, and RENAME USER.
22. When Privilege Changes Take Effect
If you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE, the
changes have no effect on privilege checking until the server reloads the tables:
● Tell the server to reload the tables:
○ the FLUSH PRIVILEGES statement, or mysqladmin flush-privileges, or mysqladmin reload
● Or restart the server.
23. Password Management
● Password expiration
● Password reuse policy
● Password verification-required policy
● Dual password support
● Random password generation
● Failed-login tracking and temporary account locking
24. Account resource limits
● We can limit the maximum number of user connections globally, or limit specific resources per account:
○ Number of queries per hour
○ Number of updates per hour
○ Number of times an account can connect to the server per hour
○ Number of simultaneous connections to the server
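The four per-account limits above set and reviewed on one account, as an added example that is not part of the original presentation; the account `batch` and the limit values are assumed placeholders:

```sql
-- Added example (not from the slides). The batch account and the numbers are placeholders.
CREATE USER 'batch'@'10.0.0.%' IDENTIFIED BY 'placeholder'
  WITH MAX_QUERIES_PER_HOUR 5000       -- queries per hour
       MAX_UPDATES_PER_HOUR 500        -- updates per hour
       MAX_CONNECTIONS_PER_HOUR 60     -- new connections per hour
       MAX_USER_CONNECTIONS 4;         -- simultaneous connections

-- Tighten an existing account; a value of 0 means "no limit" for that resource.
ALTER USER 'batch'@'10.0.0.%' WITH MAX_USER_CONNECTIONS 2 MAX_QUERIES_PER_HOUR 0;

-- The limits live in the user grant table and can be reviewed there.
SELECT User, Host, max_questions, max_updates, max_connections, max_user_connections
  FROM mysql.user WHERE User = 'batch';

-- Global ceiling for accounts that have no MAX_USER_CONNECTIONS of their own.
SET PERSIST max_user_connections = 50;

-- The per-hour counters normally reset hourly; this clears them immediately.
FLUSH USER_RESOURCES;
```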
26. The connection control plugins
● Two plugins: connection_control and connection_control_failed_login_attempts.
● connection_control introduces an increasing delay in server response to connection attempts
after a configurable number of consecutive failed attempts.
● The other plugin keeps track of these failed attempts so that they can be audited.
● Once installed, the plugins expose system variables that we use to configure them.
27. The password validation component
● Implements three levels of password checking: LOW, MEDIUM and STRONG.
● LOW checks the length of the password (configurable).
● MEDIUM additionally checks for the presence of numeric, lowercase, uppercase and special characters.
● STRONG additionally checks that password substrings of length 4 or longer do not match words in the
dictionary file.
● This component implements an SQL function that assesses the strength of a password according to
the configured level and settings.
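Installing and configuring the connection control plugins (slide 26) and the password validation component (slide 27), as an added example that is not part of the original presentation; the thresholds and delays are assumed values, and the library file name `connection_control.so` assumes a Linux server:

```sql
-- Added example (not from the slides). Thresholds and delays are placeholder values;
-- connection_control.so is the Linux library name (connection_control.dll on Windows).
INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';

-- Delay responses after 3 consecutive failures, starting at 1 s and growing to 10 s.
SET GLOBAL connection_control_failed_connections_threshold = 3;
SET GLOBAL connection_control_min_connection_delay = 1000;    -- milliseconds
SET GLOBAL connection_control_max_connection_delay = 10000;

-- The second plugin exposes per-account failure counts for monitoring.
SELECT * FROM INFORMATION_SCHEMA.CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS;

-- Password validation component: MEDIUM policy with a 12-character minimum.
INSTALL COMPONENT 'file://component_validate_password';
SET GLOBAL validate_password.policy = MEDIUM;
SET GLOBAL validate_password.length = 12;
SET GLOBAL validate_password.mixed_case_count = 1;
SET GLOBAL validate_password.number_count = 1;
SET GLOBAL validate_password.special_char_count = 1;

-- The component's SQL function scores a candidate from 0 to 100 (100 = passes every check).
SELECT VALIDATE_PASSWORD_STRENGTH('password') AS weak_score,
       VALIDATE_PASSWORD_STRENGTH('Tr0ub4dor&3-Horse') AS strong_score;

-- The policy is enforced on CREATE USER, ALTER USER and SET PASSWORD:
-- this statement is now rejected with ER_NOT_VALID_PASSWORD.
CREATE USER 'weak'@'localhost' IDENTIFIED BY 'password';
```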
28. MySQL enterprise firewall
● An application-level firewall that enables DBAs to permit or deny SQL statements based on matching
against lists of accepted statement patterns.
● Firewall operation is based on a registry of profiles; a profile has these attributes:
○ Rules: define the acceptable statements (whitelist).
○ Current operational mode: can be OFF, RECORDING, PROTECTING or DETECTING.
○ Scope of applicability: indicates which client connections the profile applies to.
31. Backup and recovery types and operations
● Physical (raw) versus logical, online versus offline, local versus remote, full versus incremental.
● mysqldump is a client program that produces full, logical, online backups and can be run remotely.
● mysqldump can back up all or some databases, and we can dump definitions and contents
separately.
● For incremental backups we use the binary logs; the server starts a new binary log file on each restart.
● For a full recovery we run the .sql file generated by mysqldump.
● For incremental recovery we use mysqlbinlog to transform the binary log files into .sql files and
then run them against the server.
32. Thank you, good luck and goodbye
● Contact: Sepehr.dmv@gmail.com
● https://dev.mysql.com/doc/refman/8.0/en/ was the source of this presentation; go there for
additional documentation.