digg

Facebook Connect Join Digg About

Six steps to secure sensitive data in MySQL

builderau.com.au A common reason for not securing databases is that it is "difficult" and "complicated". While this is certainly true, if you're using MySQL, there are some easy things you can do to significantly reduce the risk you face. This tutorial lists six such items, but you can find many more in the MySQL manual and discussion forums.

Who dugg this? Made popular Aug 6, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

10 Comments

show profanity settings
expand all
  • echimu, on 10/12/2007, -0/+7Also the best one ==> http://dev.mysql.com/doc/refman/5.0/en/security.html
  • sizeof, on 10/12/2007, -1/+5This article fails to mention that sensitive data should also be stored encrypted in the database in some cases, and decrypted on-the-fly at the application level. This keeps the data secure even if someone gains physical access to the database server.
  • kd1s, on 10/12/2007, -0/+3Before I started at my current job all the MySQL permissions used a common username and password for EVERYTHING. I changed that, as well as did permissions by connection, database, table, and column.

    So you only get what I say you'll get. Otherwise - try again. We have to leave our TCP/IP connection up but other than that, our MySQL databases are pretty secure.
  • ZephyrWest, on 10/12/2007, -0/+2Is it me or do all the steps seam rather rudimentary? Any web developer worth his salt should already know everything mentioned there...
  • tizz66, on 10/12/2007, -0/+2It's also important to remember that your databases are only secure as your weakest link. If your front-end web application (assuming you're using one) has security exploits, your data can be compromised regardless of the tips in this article.
  • Jack9, on 10/12/2007, -0/+1I like the bit about remote access. As if removing a critical capability (network messaging for MySQL) is the way you secure it, when you have already suggested tunnelling in a previous "tip". Do dig.
  • pucosk, on 10/12/2007, -0/+1Well you could always use firewalls, multiple NICs (PITA for administration IMHO)

    BTW Lame and really really basic
  • inactive, on 10/12/2007, -3/+2Unless your database and application servers are the same box!
  • coderpunk, on 10/12/2007, -3/+1Seems to me that anyone who calls theirselfs a MySQL admin should have already been aware of these. I think of all of those as standard practices, but then again some people call me paranoid :)

  • i440, on 10/12/2007, -9/+2Step 7: Use Linux, obviously.

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.