MySQL DATA Security

Important Rules for Working with MySQL with Data Protection Enhancements.

Do not store passwords in original form in your database table.

If the security of your computer breaks, the intruder can access your MySQL data and use them. Usually, hashing functions are used to protect the password by storing hash value, but AES 256 bit encryption is a much better option to encrypt the data.


MySQL port must not be accessible from untrusted hosts.

The default port 3306 is used by MySQL, and this port must not be accessible from untrusted hosts.


Do not use any data from input without filtering.

It's required to escape special characters in a string for use in an SQL statement; this is used to make SQL query safe. Otherwise, an intruder can try the trick to get access to your database by using a special sequence of characters in your application form or URL.


Protect only string data values is a very common mistake.

It's required to examine numeric data as well just like string. If your application generates a query such as SELECT * FROM users WHERE UserID=330 and you are getting 330 value from URL, then it's much possible intruder can change the value and add 330 OR 1=1  to cause the application to generate the query SELECT * FROM users WHERE UserID=330 OR 1=1. As a result, it will retrieve every row in the table.
To avoid this kind of attack a straightforward way is to add a single quotation around the numeric constants such as SELECT * FROM users WHERE UserID='330'.


MySQL administrative user must be different from application user.

Application level user access privileges must be different from an administrative level user. Do not give any privileges to users they do not require.


Do not provide access to MySQL user table to another user except root user.

MySQL user table has data of all users and permissions of MySQL; only root user has permission to access of this table. Otherwise, data can be misused by swapping permissions and password with other users data.


Do not transmit data in the original form on the Internet.

Unencrypted information is accessible to everyone who can access it, and encrypted protocol such as SSL or SSH protects data from unauthorized access.