MySQL on Windows
Post-Installation Tasks
Password Management
Encryption
Data Communication
Conclusion
Resources
Lower TCO
Ease of use
Reliability
Performance
A fully featured database with no functional limitations of lite database versions
For more information on why MySQL is an excellent choice on Windows, please visit:
http://dev.mysql.com/doc/refman/5.1/en/windows-and-ssh.html
In this section we will cover several key concepts for understanding how the MySQL Server and Client
security model works.
At a high level, MySQL's security model is based on Access Control Lists (ACLs) for all connections,
queries, and other operations that users can attempt to perform. We should note that there is also support
for SSL-encrypted connections between MySQL clients and servers.
The primary function of the MySQL privilege system is to authenticate users who connect from hosts and
in turn associate them with privileges on a database such as SELECT, INSERT, UPDATE, and DELETE.
Additional functionality includes the ability to have anonymous users, privileges for
MySQL-specific functions such as LOAD DATA INFILE, replication, object-level privileges and the ability
to perform administrative operations.
Information concerning account privileges is stored in the following tables located in the mysql database:
user
db
host
tables_priv
columns_priv
procs_priv
For example, the USER table contains the host with which the user name is associated, the user
name, the user's password (in an encrypted format) and various privileges. Because of the information
contained within the USER table, it is recommended that only the MySQL root user have access to this
table.
Information about account privileges is also located in several tables of the INFORMATION_SCHEMA
database. Tables of note in this regard include:
column_privileges
schema_privileges
These access-control decisions are based on the in-memory copies of the GRANT tables. The MySQL
server loads the contents of these tables into memory when it starts up and re-reads them under
certain circumstances. For a listing of these circumstances please refer to:
http://dev.mysql.com/doc/refman/5.1/en/privilege-changes.html
As a best practice, whenever you issue a data control statement, you should also have the GRANT tables
re-read into memory so that the modification is immediately applied to the server. This means that you
should always issue a FLUSH PRIVILEGES command with your DCL statement.
For example:
GRANT and REVOKE statements are the key enablers and disablers of privileges. A complete list of
those privileges can be found at:
http://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html
Connecting to MySQL
MySQL client programs generally expect you to specify certain connection parameters when you want to
access a MySQL server. These include:
For example, the mysql client can be started as follows from a command-line prompt:
If you use a -p or --password option but do not specify a password, the client program prompts you to
enter the password. The password is not displayed as you enter it. This is more secure than giving the
password on the command line. Any user on your system may be able to see a password specified on
the command line by reviewing any history that may be kept at the command line.
MySQL client programs use default values for any connection parameter option that you do not specify:
The password is never transmitted in clear text over the connection. All other information is transferred as
text, and can be read by anyone who is able to watch the connection. If the connection between the client
and the server goes through an untrusted network, such as the Internet, you can use the compressed
protocol to make traffic much more difficult to decipher. Better yet, you should consider using MySQL's
built-in Secure Sockets Layer (SSL) support to make the connection even more secure. Alternatively, you
can employ Secure Shell (SSH) to get an encrypted TCP/IP connection between a MySQL server and a
Post-Installation Tasks
Immediately after you have installed MySQL, it is strongly recommended that you perform several tasks to
harden the server, unless you already did so when prompted by the installation
GUI.
The default TEST database has very permissive grants and should be dropped.
By default when MySQL is installed on Windows, several accounts are created with blank passwords.
MySQL creates an account with the username of root with a blank password. The root user is a super
user account that can do anything on the MySQL server. This root account is for connections from the
local host only.
There is also a second root user which is created that can connect from remote machines. If you used the
GUI-based MySQL installation you may have also chosen to create a root account which can connect
from remote machines by explicitly selecting the option Enable root access from machines. Below is the
procedure to set the password for the root account if you have chosen to retain it.
By default two anonymous user accounts are also created, each with an empty username and no
passwords. One of these anonymous accounts is for connecting from the local host. The other
anonymous account can connect from any host and has privileges for the test database and any other
databases which start with the name test.
It is strongly recommended to drop these accounts. This can be accomplished by issuing the following
command against the mysql database:
Running this script will set the root password, remove remote root access, remove the anonymous
accounts and delete the default test database.
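The clean-up steps described above, written out as SQL for the mysql client. This is an added example, not the script from the original paper; it assumes the MySQL 5.1/5.5 grant-table layout (a Password column in mysql.user), and the password shown is a placeholder.

```sql
-- Added example. Run as the MySQL root user on a fresh installation.
-- Assumes MySQL 5.1/5.5, where mysql.user has a Password column.

-- 1. Give every root account a password ('ChangeMe-Placeholder' is a placeholder).
UPDATE mysql.user
   SET Password = PASSWORD('ChangeMe-Placeholder')
 WHERE User = 'root';

-- 2. Remove root accounts that can connect from remote machines.
DELETE FROM mysql.user
 WHERE User = 'root'
   AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Remove the anonymous accounts (empty user name), local and any-host.
DELETE FROM mysql.user
 WHERE User = '';

-- 4. Drop the test database and the grants that cover it and every
--    database whose name starts with test_ (stored as test\_% in mysql.db).
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db
 WHERE Db = 'test' OR Db = 'test\\_%';

-- 5. The grant tables were edited directly, so the server must re-read them.
FLUSH PRIVILEGES;

-- 6. Verify: no anonymous rows, no remote root, no blank passwords,
--    and no remaining grants on test databases.
SELECT User, Host, (Password = '') AS blank_password
  FROM mysql.user
 ORDER BY User, Host;

SELECT Host, Db, User
  FROM mysql.db
 WHERE Db LIKE 'test%';
```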
As previously mentioned, many of these tasks are addressed in the MySQL GUI installer for Windows.
To use client programs, the MySQL process, mysqld, must be running. On Windows, users will likely
choose to run MySQL as a service. (This option can easily be configured using the MySQL GUI installer
for Windows.) Because clients gain access to databases by connecting to the server, mysqld is the main
program that does the work. Depending on the installation package you chose, the server is accompanied
by several related scripts that perform setup operations when you install MySQL or that assist you in
starting and stopping the server. mysqld can (and should) be run as an ordinary, unprivileged user.
Account Management
Similar to other database management systems, the GRANT and REVOKE statements are used for
controlling access to MySQL. As a best practice, do not grant more privileges than necessary. Never
grant privileges to all hosts.
For example:
Try mysql -u root at the command line. If you are able to connect successfully to the server
without being asked for a password, anyone can connect to your MySQL server as the MySQL
root user with full privileges.
Use the SHOW GRANTS statement to check which accounts have access to what. Then use the
REVOKE statement to remove those privileges that are not necessary.
Do not grant the PROCESS or SUPER privilege to non-administrative users. The output of SHOW
PROCESSLIST shows the text of any statements currently being executed, so any user who is allowed to
see the server process list might be able to see statements issued by other users such as:
The mysqld process reserves an extra connection for users who have the SUPER privilege, so that a
MySQL root user can always log in and check server activity even if all available connections are in use.
The SUPER privilege can be used to terminate client connections, change server operation by changing
the value of system variables, and control replication servers. Never grant this privilege unless absolutely
necessary, because it can be used, intentionally or unintentionally, to negatively affect the server.
Do not grant the FILE privilege to non-administrative users. Any user that has this privilege can write a file
anywhere in the file system with the privileges of the mysqld process. To make this a bit safer, files
generated with SELECT ... INTO OUTFILE do not overwrite existing files and are writable by everyone.
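An added example (not from the original paper) of the review described above: one query over mysql.user that lists accounts with a blank password, a wildcard host, or the FILE, PROCESS or SUPER privilege, followed by the SHOW GRANTS and REVOKE steps. The account 'report_user'@'192.0.2.15', its password and the sales database are constructed for the demonstration; the column names assume MySQL 5.1/5.5, and the script is meant for a test server.

```sql
-- Added example. Constructed, deliberately over-privileged account so the
-- audit has something to find; drop it at the end.
GRANT FILE, PROCESS ON *.* TO 'report_user'@'192.0.2.15'
  IDENTIFIED BY 'Placeholder-Pw1';
GRANT SELECT ON sales.* TO 'report_user'@'192.0.2.15';

-- Audit: every account that has a blank password, a host pattern containing
-- a wildcard (% or _), or one of the privileges the text warns about.
SELECT User,
       Host,
       IF(Password = '', 'YES', 'no') AS blank_password,
       IF(LOCATE('%', Host) > 0 OR LOCATE('_', Host) > 0,
          'YES', 'no')                AS wildcard_host,
       File_priv,
       Process_priv,
       Super_priv
  FROM mysql.user
 WHERE Password = ''
    OR LOCATE('%', Host) > 0
    OR LOCATE('_', Host) > 0
    OR 'Y' IN (File_priv, Process_priv, Super_priv)
 ORDER BY User, Host;

-- Inspect the flagged account, remove what a reporting user does not need,
-- and confirm that only the SELECT grant on sales.* remains.
SHOW GRANTS FOR 'report_user'@'192.0.2.15';
REVOKE FILE, PROCESS ON *.* FROM 'report_user'@'192.0.2.15';
SHOW GRANTS FOR 'report_user'@'192.0.2.15';

-- Clean up the constructed account.
DROP USER 'report_user'@'192.0.2.15';
```

The administrative root account will always appear in the audit result because it holds all three privileges; the rows to act on are the non-administrative ones.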
The max_connect_errors system variable sets how many interrupted connections from a host are
allowed before that host is blocked from further connections. You can unblock a blocked
host with the FLUSH HOSTS statement. By default, the MySQL server blocks a host after 10 connection
errors.
MySQL also offers the ability to limit the number of connections and queries that can be issued from
a client during a specified period of time. One means of limiting the use of MySQL server resources is to
set the max_user_connections system variable to a non-zero value. However, this method is strictly
global, and does not allow for management of individual accounts. In addition, it limits only the number of
simultaneous connections made using a single account, and not what a client can do once connected.
As of version 5.5, you can limit the following server resources for individual accounts:
You can enable these limits with a GRANT statement, for example:
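An added example, not taken from the original paper, of per-account limits set with GRANT, then inspected, changed and reset. The account 'app_user'@'192.0.2.10', the orders database, the password and the limit values are all constructed; the GRANT ... IDENTIFIED BY form assumes MySQL 5.1/5.5.

```sql
-- Added example. Create a least-privilege application account that is
-- limited per hour and in the number of simultaneous connections.
GRANT SELECT, INSERT, UPDATE ON orders.* TO 'app_user'@'192.0.2.10'
  IDENTIFIED BY 'Placeholder-Pw2'
  WITH MAX_QUERIES_PER_HOUR     1000
       MAX_UPDATES_PER_HOUR     200
       MAX_CONNECTIONS_PER_HOUR 60
       MAX_USER_CONNECTIONS     5;

-- The limits are stored per account in mysql.user; 0 means "no limit".
SELECT User, Host,
       max_questions, max_updates, max_connections, max_user_connections
  FROM mysql.user
 WHERE User = 'app_user';

-- Change a single limit without touching the account's privileges:
-- GRANT USAGE grants nothing, it only carries the WITH clause.
GRANT USAGE ON *.* TO 'app_user'@'192.0.2.10'
  WITH MAX_QUERIES_PER_HOUR 500;

-- Reset the hourly counters for all accounts, for example after an
-- application was locked out by its own limit.
FLUSH USER_RESOURCES;

-- Remove one limit again by setting it to 0.
GRANT USAGE ON *.* TO 'app_user'@'192.0.2.10'
  WITH MAX_USER_CONNECTIONS 0;
```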
Password Management
MySQL users and passwords have nothing to do with users and passwords on Windows. Below are
some tips for managing passwords:
Never give anyone (except MySQL root accounts) access to the user table in the mysql
database. The encrypted password is the real password in MySQL. Anyone who knows the
password that is listed in the user table and has access to the host listed for the account can
easily log in as that user.
Do not store any plain-text passwords for your application in the database. If your computer
becomes compromised, the intruder can take the full list of passwords and use them. Instead,
use MD5(), SHA1(), or some other one-way hashing function and store the hash value.
Always choose a strong password which includes letters, numbers and special characters. There
are many readily available programs which through brute force can eventually guess the
password to your server.
MySQL encrypts passwords using its own algorithm. User accounts are listed in the user table of the
mysql database. Each account is assigned a password. The password column of the user table is not the
plaintext version of the password, but a hash value computed from it. Password hash values are
computed by the PASSWORD() function. The server uses hash values during authentication when a
client first attempts to connect. The server generates hash values if a connected client invokes the
PASSWORD() function or uses a GRANT or SET PASSWORD statement to set or change a password.
If end users use the mysql client application to connect to a database application, then they are also
allowed to change their own password. There is currently no real-time enforcement of the complexity of
passwords, their length or age. For users with a subscription to MySQL Enterprise, the Knowledge Base
offers articles and scripts that you can use to check for:
Encryption
AES functions allow encryption and decryption of data using the official Advanced Encryption
Standard algorithm, previously known as "Rijndael." Encoding with a 128-bit key length is
used, but you can extend it up to 256 bits by modifying the source code.
DES functions allow for encryption and decryption using the Triple-DES algorithm.
SHA1 calculates a 160-bit checksum for the string; however, weaknesses in the SHA-1 algorithm have become
known and you should strongly consider using one of the other encryption functions.
Below is a list of some of the common encryption functions used with MySQL:
AES_ENCRYPT()
AES_DECRYPT()
DES_ENCRYPT()
DES_DECRYPT()
MD5()
SHA1()
and
Data Communication
It is best not to transmit plain (unencrypted) data over the Internet. This information is accessible to
everyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an
encrypted protocol such as SSL or SSH. Another technique is to use SSH port-forwarding to create an
encrypted (and compressed) tunnel for the communication.
The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are
not used by default. Doing so would make the client/server protocol much slower. Encrypting data is a
CPU-intensive operation that requires the computer to do additional work and can delay other MySQL
tasks. For applications that require the security provided by encrypted connections, the extra computation
is warranted.
MySQL allows encryption to be enabled on a per-connection basis. You can choose a normal
unencrypted connection or a secure encrypted SSL connection according to the requirements of individual
applications.
Secure connections are based on the OpenSSL API and are available through the MySQL C API. It
should be noted that MySQL Replication uses the C API, so secure connections can be used between
master and slave servers.
http://dev.mysql.com/doc/refman/5.1/en/secure-using-ssl.html
Another way to connect securely is from within an SSH connection to the MySQL server host. For
instructions on how to configure this option, see:
http://dev.mysql.com/doc/refman/5.1/en/windows-and-ssh.html
In general it is better to use IP numbers rather than hostnames in the grant tables whenever possible. In
any case, you should be very careful about creating grant table entries using hostname values that
contain wildcards.
Database Replication
It is best to set up an exclusive account on the master server that the slave server can use to connect.
This account must be given the REPLICATION SLAVE privilege. If this account is used only for
replication (which is recommended), you don't need to grant any additional privileges. For example:
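An added example, not from the original paper: a replication-only account that is also required to connect over SSL, as the Data Communication section notes is possible between master and slave. The addresses, account name, password and certificate path are placeholders, and the server is assumed to be already configured for SSL (MySQL 5.1/5.5 syntax).

```sql
-- Added example. ---- On the master ----
-- Dedicated account: only REPLICATION SLAVE, only from the slave's IP
-- address (no hostname, no wildcard), and only over an SSL connection.
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'192.0.2.20'
  IDENTIFIED BY 'Placeholder-Pw3'
  REQUIRE SSL;

-- Confirm the account holds nothing beyond REPLICATION SLAVE.
SHOW GRANTS FOR 'repl'@'192.0.2.20';

-- ---- On the slave ----
-- Point the slave at the master and make it use SSL. The CA file path is a
-- placeholder for the certificate that signed the master's server certificate.
CHANGE MASTER TO
  MASTER_HOST     = '192.0.2.10',
  MASTER_USER     = 'repl',
  MASTER_PASSWORD = 'Placeholder-Pw3',
  MASTER_SSL      = 1,
  MASTER_SSL_CA   = 'C:/placeholder/path/ca-cert.pem';

START SLAVE;

-- In the output, Slave_IO_Running should be Yes and Master_SSL_Allowed
-- should be Yes. If the slave tries to connect without SSL, the master
-- rejects the login because of REQUIRE SSL on the account.
SHOW SLAVE STATUS;
```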
If you plan to use the LOAD TABLE FROM MASTER or LOAD DATA FROM MASTER statements from
the slave host, you must grant this account additional privileges:
Grant the account the SUPER and RELOAD global privileges. (Recall that the SUPER privilege is
comparable to root.)
Grant the SELECT privilege for all tables that you want to load. Any master tables
from which the account cannot SELECT will be ignored by LOAD DATA FROM MASTER.
The MySQL Enterprise Server is the most reliable, secure and up-to-date version of MySQL. MySQL
Enterprise provides the added value of the update services wrapped around the MySQL Enterprise server
in the form of:
The MySQL Enterprise Monitor with Query Analyzer is a distributed web application that you deploy
within the safety of your corporate firewall. The Monitor continually monitors all of your MySQL servers
and proactively alerts you to potential problems and tuning opportunities before they become costly
outages. It also provides you with MySQL expert advice on the issues it has found so you know where to
spend your time in optimizing your MySQL systems.
MySQL Production Support Services MySQL Enterprise includes 24 X 7 X 365 production support for
your MySQL servers to help ensure your business critical applications are continuously available and
running at their peak. MySQL Production Support Services include:
Online Self-Help Support The knowledge base is a self-help tool that provides you with access
to 2,000+ technical articles on MySQL specific topics that help quickly answer questions and
solve problems.
Problem Resolution Support Allows you to work directly with the MySQL Production Support
team via phone, email or an online for quick resolution of technical problems.
Consultative Support Allows you to work with MySQL Engineers on the proper installation,
configuration and deployment of MySQL and its advanced feature set and on best practices
around the design and tuning of schemas, queries and application specific code.
Advanced Support for MySQL High Availability and Scalability Solutions MySQL Enterprise
includes full production support for additional advanced MySQL features and third-party solutions
to scale the availability and performance of your online applications.
Adobe Systems is one of the largest software companies and is the leading provider of creative tools for
print, web, interactive, mobile, video and film. Adobe embeds MySQL into several Adobe Creative Suite 3
components, including Adobe Acrobat CS3, Adobe Bridge CS3, and Adobe Version Cue CS3 so that
workgroups can work more efficiently on complex projects. For more information please visit:
http://www.mysql.com/why-mysql/case-studies/MySQL_CaseStudy_Adobe.pdf
NetQoS delivers products and services that enable some of the world's most demanding enterprises to
improve network performance. American Express, Barclays, Boeing, Chevron, Cisco, Citrix, DuPont, Sara
Lee, and Schlumberger are among the corporations that rely on NetQoS performance management
solutions to ensure consistent delivery of business critical applications, monitor application service levels,
troubleshoot problems quickly, contain infrastructure costs, and manage user expectations. To find the
right embedded database solution to fit its innovative product architecture, NetQoS evaluated everything
from flat-files to proprietary databases. NetQoS found that MySQL provided the ideal combination of
performance, reliability, and ease of administration on Windows. For more information please visit:
http://www.mysql.com/why-mysql/case-studies/mysql-netqos-casestudy.pdf
http://www.mysql.com/customers/operatingsystem/?id=109
Conclusion
In this paper we presented a recap of many of the post-installation tasks required to secure an installation
of the MySQL server on Windows. We covered topics related to account and password management,
encryption and network access. Because MySQL continues to be a very popular choice on Windows, we
strongly encourage you to review these guidelines and implement them in your standard operating
procedures.
Resources
White Papers
http://www.mysql.com/why-mysql/white-papers/
Case Studies
http://www.mysql.com/why-mysql/case-studies/
http://www.mysql.com/news-and-events/
Live Webinars
http://www.mysql.com/news-and-events/web-seminars/
Webinars on Demand
http://www.mysql.com/news-and-events/on-demand-webinars/
About MySQL
MySQL is the most popular open source database software in the world. Many of the world's largest and
fastest-growing organizations use MySQL to save time and money powering their high-volume Web sites,
critical business systems and packaged software -- including industry leaders such as Yahoo!, Alcatel-
Lucent, Google, Nokia, YouTube and Zappos.com. At http://www.mysql.com, Sun provides corporate
users with commercial subscriptions and services, and actively supports the large MySQL open source
developer community.
To discover how Sun's offerings can help you harness the power of next-generation Web capabilities,
please visit http://www.sun.com/web.