In light of recent news of massive intrusions into enterprise database systems holding sensitive customer information, it is obvious that reminders on hardening databases are not old news, especially considering that some of the compromises were executed only because customer data was not encrypted.
Starting with MySQL, I have assembled several links I have collected over time on securing various databases to make compromise that much more difficult. Some of the information covers basic fundamentals, which is great for those just starting to explore these systems, and there are also some links to further reading.
Something to remember (and many readers have suggested they do this already): always use SSH when administering your remote database servers. If using a GUI tool for remote admin, be sure to select an application that supports port forwarding to a secure port.
MySQL’s site has some solid basics as well as a great Security Focus article on building a strong MySQL installation.
Tips and techniques on some other popular systems include:
IBM’s DB2 - http://www.informit.com/articles/article.asp?p=102226&rl=1
Microsoft SQL Server:
1) http://www.sqlsecurity.com/DesktopDefault.aspx
2) http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp
Oracle - http://www.orafaq.com/faqdbase.htm
PostgreSQL - http://www.postgresql.org/docs/8.0/interactive/admin.html


June 28th, 2005 at 3:17 am
Just starting to use MySQL seriously. A timely post, Blane …. Thanks
June 29th, 2005 at 1:54 am
I ordered “High Performance MySQL” yesterday; however, I’m curious to know of any security tips for securing clustered environments for MySQL. Particularly replication…
July 1st, 2005 at 4:52 pm
I think that MySQL is one of the best parts of web programming. Robust and also fragile.
My opinion.