How to secure MySQL server


A few days ago, I came across a ranking of the most popular databases among developers. According to it, the most popular database is MySQL, with more than 58 per cent of the total market share. I do not know for sure how accurate these figures are, but I absolutely agree that to date MySQL is the most popular open source database in the world.

We have dealt with a lot of databases, and of course each database is designed for its own set of tasks. Thinking about MySQL, I believe there is no better database if you need to start development quickly. There is no better database for simplicity of deployment. MySQL databases are really easy to configure and maintain.

The main requirement for any project is data security. This means that an application user can work with the data he is allowed to work with. All attempts to obtain unauthorized access to data must be blocked and logged for future analysis and control. MySQL is an excellent database with built-in security mechanisms, but it is an open source product, and if you compare it to commercial databases, it will naturally lose to them. It does not have audit tools as powerful as those Oracle has. It does not have a built-in way to store any SQL statements for a given table. It is not possible to define restrictions based on the table's data, as is achievable with the Oracle Label Security feature. On the other hand, nobody would like to pay tens of thousands of dollars to purchase commercial database licenses.

DataSunrise can be a great solution for MySQL database security. It is a database firewall usually placed between the database and the application, and the database traffic should be configured to go through it. For highly loaded systems, DataSunrise supports a high availability configuration that allows database traffic to be distributed across DataSunrise nodes. The firewall analyzes the database traffic and acts based on the specified rules. The rules can be configured to restrict access to a table or view, or even to a table column. The firewall provides a fairly convenient mechanism for sensitive data obfuscation: it allows you to set up a rule that masks data using a given pattern. For instance, a rule can be configured to mask data such as credit card numbers, emails, addresses or phone numbers. Another option is to configure a rule that allows retrieving only the data set that meets a predefined condition. So, even if the user has full access to the table, the data access policy can be set to allow the database user to work only with the data that he has access to. DataSunrise has a built-in ability to send notifications about any database actions. This is a very useful mechanism for sending an alert in case of suspicious activity. If any rule is triggered, DataSunrise logs the rule action details into a separate database, which allows monitoring user activity without access to the application database. The DataSunrise firewall is configured through the web interface with a few clicks, which does not require specific knowledge of SQL. Thus, security officers can implement data access security policies without involving database developers. This is quite convenient, since security is the responsibility of the security department.
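To make the rule types described above concrete, here is an added example (not DataSunrise code or its rule syntax) that applies a column restriction, pattern masking and a row condition to a result set, recording each triggered rule in a separate log. The policy layout, the `support` user, the column names and the sample rows are all constructed for illustration.

```python
def mask_card(value):
    keep = sum(c.isdigit() for c in value) - 4  # number of leading digits to hide
    out = []
    for c in value:
        if c.isdigit():
            out.append("X" if keep > 0 else c)  # hide all but the last four digits
            keep -= 1
        else:
            out.append(c)                       # separators stay in place
    return "".join(out)

def mask_email(value):
    """Keep the first character of the local part and the domain."""
    local, sep, domain = value.partition("@")
    return local[:1] + "***@" + domain if sep else "*" * len(value)

# Hypothetical policy for one database user (constructed for this example).
POLICY = {
    "support": {
        "masks": {"card_number": mask_card, "email": mask_email},
        "denied_columns": {"password_hash"},
        "row_filter": lambda row: row["region"] == "EU",
    }
}

def apply_policy(user, rows, audit_log):
    """Return the rows the user may see, masked; log every rule that fires."""
    rule = POLICY.get(user)
    if rule is None:                            # unknown user: default deny
        audit_log.append((user, "no_policy", None))
        return []
    visible = []
    for row in rows:
        if not rule["row_filter"](row):         # row-level condition
            audit_log.append((user, "row_filtered", row["id"]))
            continue
        out = {}
        for col, val in row.items():
            if col in rule["denied_columns"]:   # column-level restriction
                audit_log.append((user, "column_denied", col))
                continue
            out[col] = rule["masks"].get(col, lambda v: v)(val)
        visible.append(out)
    return visible

ROWS = [  # constructed sample result set
    {"id": 1, "region": "EU", "email": "alice@example.com", "card_number": "4111-1111-1111-1111", "password_hash": "x"},
    {"id": 2, "region": "US", "email": "bob@example.com", "card_number": "5500 0000 0000 0004", "password_hash": "y"},
]
```

Because the log is kept apart from the application data, a reviewer can see which rules fired for which user without being granted access to the protected tables.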

DataSunrise is well integrated with Active Directory services and has a built-in mechanism that allows you to link a domain account to a database account and use domain authentication to work with the database. This greatly simplifies database account management and makes the authorization process more flexible and secure.

Ultimately, using DataSunrise together with MySQL allows securing data fast enough without diving deep into the database settings. This extends the capabilities of MySQL by adding enterprise-level database security, without the need to buy expensive commercial database licenses.