What is MySQL?

MySQL is a popular open-source database management system used to store

and manage data. It organizes information into tables, making it easy to
retrieve, update, and manage data efficiently. MySQL is widely used for
web applications, such as websites and online services, because it is reliable,
fast, and supports multiple users. It’s often paired with programming
languages like PHP and used in platforms like WordPress.

Database Security Threats

The MySQL databases face various security threats, including:

• SQL Injection: Attackers exploit vulnerabilities in database queries by

inserting malicious code, allowing them to access, modify, or delete
data without authorization.

• Unauthorized Access: Hackers gain entry to databases using weak

passwords or poor security configurations, leading to potential data
theft or manipulation.

• Data Breaches: Sensitive information is exposed due to security

flaws or insider threats, compromising personal and financial data.

• Malware and Viruses: Malicious software infects the database,

corrupting or stealing data and potentially spreading to other parts of
the system.

• Data Loss: Important data is lost due to accidental deletions,

hardware failures, or cyberattacks, impacting business operations
and data integrity.

• Denial of Service (DoS): Attackers overwhelm the database server

with excessive traffic, causing it to become slow or completely
unavailable to users.

Best Practices for MySQL Security

Securing your MySQL database is vital to safeguard sensitive data and
maintain application integrity. Here’s how to do it effectively:
 • Use Strong Passwords: Make sure all MySQL users have tough,
unique passwords with a mix of characters. Regularly update and
rotate passwords for added security.

• Keep MySQL Updated: Always install the latest patches and versions
to fix any security holes. This ensures you’re protected against known
vulnerabilities.

• Limit User Permissions: Give users only the permissions they need.
Avoid using the powerful root account for everyday tasks. Instead,
create specific accounts with restricted access.

• Enable Firewall Protection: Set up a firewall to control access to

your MySQL server. Only allow connections from trusted sources to
prevent unauthorized access.

• Encrypt Your Data: Protect sensitive data both at rest and in transit
using encryption methods like SSL/TLS. This ensures that even if
someone gains access, they can’t read the data.

• Regular Backups: Backup your databases regularly and store them

securely. In case of data loss or corruption, you’ll have a copy to
restore from.

• Monitor and Audit: Keep an eye on your database’s activity using

monitoring tools. Regularly review logs for any suspicious behavior
that could indicate a security breach.

• Disable Remote Root Access: Prevent remote access to the

powerful root account to minimize the risk of unauthorized access.
Instead, use secure methods like SSH tunneling for remote access.

• Remove Unused Accounts and Databases: Regularly clean up

unused accounts and databases to reduce the potential entry points
for attackers. This minimizes the attack surface and enhances security.

Example: Implementing Access Control

Create a new user with restricted privileges

CREATE USER ‘new_user’@’localhost’ IDENTIFIED BY ‘password’;

Grant specific privileges to the new user on a specific database

GRANT SELECT, INSERT, UPDATE ON database_name.* TO
‘new_user’@’localhost’;

Implementing Two-Factor Authentication

(2FA)
Two-factor authentication (2FA) adds an extra layer of security by
requiring users to provide two forms of identification before gaining access
to the MySQL database. This can be something the user knows (like a
password) and something the user has (like a mobile device for receiving a
verification code).

Setting Up Two-Factor Authentication

To set up 2FA, follow these steps:

1. Choose a 2FA Solution: Select a 2FA service provider compatible

with your MySQL setup (e.g., Google Authenticator, Duo Security).

2. Integrate 2FA: Integrate the 2FA solution with your MySQL

authentication system. This may involve configuring your MySQL
server to work with the 2FA provider.

3. Enforce 2FA for Users: Update user access policies to require 2FA
for accessing the database.

Example Configuration
# Install necessary 2FA modules
sudo apt-get install libpam-google-authenticator

# Configure MySQL to use PAM authentication

[mysqld]
plugin-load-add=auth_pam.so

# Add PAM configuration for MySQL

auth required pam_google_authenticator.so

# Update user authentication in MySQL

CREATE USER 'secure_user'@'localhost' IDENTIFIED WITH 'pam' USING 'mysql';
GRANT ALL PRIVILEGES ON *.* TO 'secure_user'@'localhost' REQUIRE 2FA;

Recommended Strategies
consider the following strategies to enhance MySQL database security:
 • Frequent Security Audits: To find and fix any possible issues in the
MySQL environment conduct regular security audits and vulnerability
evaluations.

• Employee Education: To minimize the possibility of human mistakes

and to teach staff members about the security best practices, provide
them with thorough security awareness training.

• Security Guidelines: To control database access, data

processing, and incident response methods, set up and enforce
security procedures and guidelines.

• Continuous Monitoring: Use continuous monitoring tools to improve

threat detection and reacting to incidents skills by quickly identifying
and responding to security incidents.

MySQL is one crucial database system that aids in talking to and managing
the storage of data for innumerable websites and applications. By that, the
way you lock your front door to protect the house, the same way you secure
your MySQL Database in the hope that in case your data is hacked, only
concerned people can get in and no illicit people can make some changes.
Let’s go ahead with some easy and effective ways to keep your MySQL
database secure.

User Account Management

Proper management of user accounts is one of the cornerstones of MySQL
security. If you carefully control who has access to your database and what
they can do, you have significantly reduced the possibility of some
unauthorized actions and data breaches. Some of the key practices in
managing user accounts include the following:

Create Unique Users for Each Application Different MySQL users for various
applications allow isolating access and permissions.

Limit User Privileges

This can be achieved through the principle of least privilege, whereby only
privileges that are essential to performing the duties are awarded to every
user.

Strong passwords
Ensure that strong and complex passwords are in use, and also consider
putting in place password expiration policies.

Authentication and Authorization

It is in regard to the two important parts of MySQL security: authentication
and authorization, thus ensuring with utmost care that only valid users may
access the database and, at the same time, are properly authorized for their
duties. The following section represents detailed best practices related to
authentication and authorization management in MySQL:

Enable Two-factor Authentication

Purpose: 2FA ensures that the user has further protection by demanding two
kinds of authentication; usually, something they know and something they
have, such as a password and a code obtained from a mobile application.

Implementation: Use plugins or external auth providers that support 2FA,

such as integrating Google Authenticator with MySQL through PAM.

Use Secure Connections SSL/TLS

Purpose: The technique of encrypting the connections between a MySQL

server and the clients protects the data against interception and man in the
middle attacks.

Implementation: Generate the SSL/TLS certificates and configure the

MySQL server to use them. Also, update the client applications to connect
with the MySQL Server using SSL/TLS.

Example configuration in my.cnf

ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

Data Encryption
Data encryption is one of the essential elements of MySQL security. It provides
security for sensitive information at rest and in transit. When you are
encrypting data, even if somebody intercepts the data or views them in
malice, it will still be useless to the particular entity. Following are the best
practices to apply in data encryption using MySQL:
Encrypt Data at Rest

Purpose: Protect data stored on disk to prevent unauthorized access to the

physical storage media.

Implementation: Use MySQL’s built-in support for Transparent Data

Encryption (TDE) to encrypt database files.

Example: Enable TDE for a specific table

ALTER TABLE my_table ENCRYPTION='Y';

Store encryption keys securely, ideally using a key management service

(KMS).

Encrypt Data in Transit

Purpose: Ensure that data transmitted between the MySQL server and clients
is protected from interception and eavesdropping.

Implementation: Configure SSL/TLS for MySQL connections to encrypt data

in transit.

Example
[mysqld]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

Remove Unnecessary User Accounts

It is always good for security tightening of the MySQL environment to remove
unused user accounts. Some of these dormant or unused accounts may be
entry points for attackers. Regular auditing and deletion of such accounts
minimize the potential risks of unauthorized access.

Audit User Accounts Regularly

Objective: The objective of this control is to identify the accounts that are
not active or for which MySQL Database access is no longer needed.

Implementation: Review the MySQL list of user accounts periodically.

Here is the SQL used to listing all MySQL user accounts.

SELECT user, host FROM mysql.user;

Detect Inactive Accounts

Objective: This control aims to classify accounts that are less than very active
and verify if they are truly needed.

Implementation: Check the last login time for each user account, if
available. MySQL Enterprise Edition includes an audit plugin which allows
tracking of user activity. Otherwise, look for accounts assigned to projects or
users which no longer exist.

MySQL Security
MySQL is one crucial database system that aids in talking to and managing
the storage of data for innumerable websites and applications. By that, the
way you lock your front door to protect the house, the same way you secure
your MySQL Database in the hope that in case your data is hacked, only
concerned people can get in and no illicit people can make some changes.
Let’s go ahead with some easy and effective ways to keep your MySQL
database secure.

User Account Management

Proper management of user accounts is one of the cornerstones of MySQL
security. If you carefully control who has access to your database and what
they can do, you have significantly reduced the possibility of some
unauthorized actions and data breaches. Some of the key practices in
managing user accounts include the following:

Create Unique Users for Each Application Different MySQL users for various
applications allow isolating access and permissions.

Limit User Privileges

This can be achieved through the principle of least privilege, whereby only
privileges that are essential to performing the duties are awarded to every
user.

Strong passwords

Ensure that strong and complex passwords are in use, and also consider
putting in place password expiration policies.
Authentication and Authorization
It is in regard to the two important parts of MySQL security: authentication
and authorization, thus ensuring with utmost care that only valid users may
access the database and, at the same time, are properly authorized for their
duties. The following section represents detailed best practices related to
authentication and authorization management in MySQL:

Enable Two-factor Authentication

Purpose: 2FA ensures that the user has further protection by demanding two
kinds of authentication; usually, something they know and something they
have, such as a password and a code obtained from a mobile application.

Implementation: Use plugins or external auth providers that support 2FA,

such as integrating Google Authenticator with MySQL through PAM.

Use Secure Connections SSL/TLS

Purpose: The technique of encrypting the connections between a MySQL

server and the clients protects the data against interception and man in the
middle attacks.

Implementation: Generate the SSL/TLS certificates and configure the

MySQL server to use them. Also, update the client applications to connect
with the MySQL Server using SSL/TLS.

Example configuration in my.cnf

ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

Data Encryption
Data encryption is one of the essential elements of MySQL security. It provides
security for sensitive information at rest and in transit. When you are
encrypting data, even if somebody intercepts the data or views them in
malice, it will still be useless to the particular entity. Following are the best
practices to apply in data encryption using MySQL:

Encrypt Data at Rest

Purpose: Protect data stored on disk to prevent unauthorized access to the
physical storage media.

Implementation: Use MySQL’s built-in support for Transparent Data

Encryption (TDE) to encrypt database files.

Example: Enable TDE for a specific table

ALTER TABLE my_table ENCRYPTION='Y';

Store encryption keys securely, ideally using a key management service

(KMS).

Encrypt Data in Transit

Purpose: Ensure that data transmitted between the MySQL server and clients
is protected from interception and eavesdropping.

Implementation: Configure SSL/TLS for MySQL connections to encrypt data

in transit.

Example
[mysqld]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

Remove Unnecessary User Accounts

It is always good for security tightening of the MySQL environment to remove
unused user accounts. Some of these dormant or unused accounts may be
entry points for attackers. Regular auditing and deletion of such accounts
minimize the potential risks of unauthorized access.

Audit User Accounts Regularly

Objective: The objective of this control is to identify the accounts that are
not active or for which MySQL Database access is no longer needed.

Implementation: Review the MySQL list of user accounts periodically.

Here is the SQL used to listing all MySQL user accounts.

SELECT user, host FROM mysql.user;
Detect Inactive Accounts

Objective: This control aims to classify accounts that are less than very active
and verify if they are truly needed.

Implementation: Check the last login time for each user account, if
available. MySQL Enterprise Edition includes an audit plugin which allows
tracking of user activity. Otherwise, look for accounts assigned to projects or
users which no longer exist.

MySQL Vulnerabilities
We are living in a digital era, as the internet and technology are expanding
and becoming more and more popular with each passing day, so are the
crimes committed on it. In recent years, the cyber-crimes on businesses or in
general have significantly grown. These malicious cybercriminals take
advantage of poorly designed or flawed systems used by these businesses for
either some self-monetary gains by selling data, Ransom, or by any other
means; or for besmirching the company’s name and its reputation. MySQL
relational database management system is among one of the most popular
open-source RDBMS in use currently, the main purpose of using it is to store
the data for web servers or websites. Mostly all of the currently popular web
servers and also the frameworks use MySQL as their preferred database. Just
like any other piece of software MySQL too has some vulnerabilities which can
be exploited and can cause significant damage if carried out properly, so to
avoid them and to secure the data let’s look at what these vulnerabilities are
and their possible fixes.

1. SQL Injection: It is among the most common and perilous attacks, in this
type of attack the attackers steal information or foist data loss by attacking
the database. Basically, it is an injection-type attack where the attacker runs
malicious SQL queries that could have various serious implications such as
losing data or even data stealing.

Mostly SQL Injections are carried out on web apps. Attackers make use of
some known loopholes and vulnerabilities to target the application by SQL
Injection vulnerabilities mainly to bypass application authentication process
and security or to cause some harm to the database.

After carrying out a successful attack the malicious user can access the
authorized and authenticated sections of web servers and applications, and
can also modify, add or delete the data and can also retrieve the records as
well.
Let’s take an example of a situation where we are trying to authenticate a
user on some application. To do that first we would have to send or input the
user’s login credentials for authentication purposes.

After the credentials are entered the application will build an SQL query below
to check if the user with the entered credentials already exists or not. Query:
SELECT * FROM utable WHERE username = “UserName001”

AND password = “user1_password”

This was the case of a normal user. Now, what if an attacker is trying to exploit
the system they might enter the password as “ ’*’ OR ‘1’ = ‘1’ ” and when the
application builds its query it will look like this:

Query:
SELECT * FROM utable WHERE username = “UserName001”

AND password = ‘*’ OR ‘1’ = ’1’.

So, whenever the system runs this query it would always give the result to be
true and the application thinks that the password is correct. In this query, the
first part will look for the user with username “UserName001” with the
password “*” and it will either give no result or rule it out to be false. This is
where the second part of the query comes into play, here the password will
always result in true. The application will let the query pass and hence the
malicious user will be able to bypass the authentication. In similar ways, the
attacker can also modify, add, delete or retrieve the data as they please.
However, this can be circumvented either by using parameterized query/
prepared SQL statements or by sanitizing the user inputs, before the
application generates the query for the provided inputs.

2. Improper Input Validation: Improper Input Validation is a dangerous

type of attack where a malicious user carries out an attack on web servers or
their instances such as MySQL. These attacks are used to make the instances,
services, or network resources inaccessible momentarily or even permanently
by disrupting the host, system, or the instance it is connected to. In MySQL,
it can make the instance of MySQL crash hence making it momentarily
inaccessible by any of the services that are using it as its data source.

The other issue with this type of vulnerability is that it allows remote
authenticated users to cause a DoS attack by using a crafted SELECT
statement along with a UpdateXML() command with many unique nested
elements. The result of this is a more susceptible MySQL to DoS vulnerability.
An attacker could exploit this flaw to takedown the whole database and its
instances, rendering other services useless and making them inaccessible to
the user.

The payload along with the commands that can be used in this scenario is as
follows:

Syntax:
$mysql->query("SELECT UpdateXML('<a>$a<b>ccc</b>

<d></d></a>', '/a', '<e>fff</e>') AS val1");

To avoid this vulnerability the updated versions of MySQL can be used where
this exploit has been patched, version 5.5.* and above are free from this
vulnerability.

3. Concurrent Execution using Shared Resources with Improper

Synchronization or Race Condition: Concurrent Execution using Shared
Resources with Improper Synchronization is an undesired condition that
happens when a system tries to run two or more than two operations
concurrently, though in a majority of the system the operations are performed
in the right order or timing because of the uncontrolled events to make sure
that the operations are done effectively.

In MySQL, this can give rise to a race condition, which can be considered a
serious problem. It allows a local user to access the database and after that,
they can use privilege escalation or escalate their user privileges and after
changing their user privileges, they can carry out an arbitrary code execution
attack as a local user of the database. This problematic concurrent execution
using shared resources with improper synchronization condition is present in
MySQL versions before version 5.5.51, 5.6.x to 5.6.32, 5.7.x to 5.7.14 and
8.x to 8.0.0; MariaDB is also affected with this condition MariaDB versions
before version 5.5.52, 10.0.x to 10.0.27, and 10.1.x to 10.1.17. The attackers
can use this vulnerability to their advantage by exploiting it and bypassing the
imposed security restrictions to run unauthorized and arbitrary commands.
This could in turn be used as a launchpad for other attacks. Though now this
vulnerability has been patched on the vulnerable versions.

4. Permission, Privileges, and Access Controls: It is an old vulnerability

that now has been patched. This vulnerability allowed the malicious users to
override the config file of MySQL with numerous settings, so these settings
could be implemented when MySQL is started next time.

5. DNS Injection in ghost: This vulnerability was present in ghost (a

triggerless schema migration tool for MySQL) versions before version 1.1.3
which had a file path traversal or directory traversal vulnerabilities. In order
to exploit it, the attacker either needs to have access to the target host or
they need to trick the admin to run a crafted ghost command on the host
running ghost along with the network access from the target host running
ghost to the attack’s malicious MySQL server. The -database parameter must
also be properly sanitized to avoid this.

If the code is vulnerable then a command like the below could be crafted and
used to exploit this vulnerability.

Syntax:
./gh-ost -user test -password -test -alter

test -table test -database “test?allowAllFiles=true&”