Details
-
Task
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Won't Fix
-
None
Description
Additional features to ensure that system administrator can't login to the database and grant access to secured data by passing audit plugin.
1 - A malicious script that export data via usurpation of the backup user
2 - A malicious script that export data via usurpation of the replication user
3 - A malicious user that change the configuration file and restart without grant option
4 - A malicious user that replace system tables by it's own ones
5 - A malicious user that have access to backup directory
1 - For backups and various DBA scripts we introduce an exec command and define events like CREATE ENCRYPTED EVENT ... EXEC("mysqldump -ubackup -ptoto ....") we can ensure like this that the command containing my precious database password is secured . such event will be store in encrypted tablespace using extra event_crypt system table . To not expose the password to ps command the user backup is extended with a 2 step authentication negotiated by the server itself and replaced in the exposed command.
2 - For replication we can store an additional key to master.info and multi_master.info that encrypt the password in the file. Empty key would define a not yet encrypted password
3 - Store and fetch the configuration from the remote key management plugin
4a - Encrypt system user table at startup after privileges loaded in memory and store the key in a file for decripting at next startup.
flush priviledges and any grants command would decrypt the entire myisam table
4b - Encrypt user or password , key store along the user record in extra column , every login should first decrypt credential to pas authentication .
5 - Dumps can produce encrypted results adding extra command like /* 100108 */ set @@key=xxx; before every following multi row insert command encrypted with the key
Attachments
Issue Links
- relates to
-
-
- Closed
-