I'm a student and we are making a simple information system for a hospital. How can we improve the security of the MySQL database so that confidential information will be protected?
Just a few off the top of my head...
- Use a good password
- Only allow access to the server from places it should be accessed from, e.g. if it should only be accessed by a web server on the same machine, then don't allow MySQL to be accessed from outside the machine.
- Give each person that can access it their own username and password and limit them to only the actions they need to perform. Disable DROP, DELETE, etc., and don't give average users permission to change databases, create tables, alter tables, etc.
- Make sure you understand the user permissions system used in MySQL. It is a nightmare at first, but gives you a lot of control when you get it.
- Don't assume it is secure - it isn't - regardless of what you've done, you can always do more.
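The per-user, least-privilege setup described in this answer, written out as MySQL statements. This is an added example, not code from the answerer; the database name `hospital`, the table and column names, the account names and the host `10.0.0.12` are all assumptions, and the password placeholders must be replaced with generated secrets.

```sql
-- Added example (not from the original answer). Schema, account names and
-- hosts below are assumptions used to illustrate least privilege.

-- A MySQL account is user@host; the host part is the network restriction.
-- 'localhost' accepts only clients on the same machine (socket or 127.0.0.1),
-- so a web server co-located with the database gets exactly that.
CREATE USER 'hospital_app'@'localhost' IDENTIFIED BY 'replace-with-generated-secret';

-- The application reads and writes patient rows and records visits.
-- It is granted no DDL, no DELETE and no DROP: a compromised application
-- can corrupt rows it may touch, but cannot wipe or restructure the tables.
GRANT SELECT, INSERT, UPDATE ON hospital.patients TO 'hospital_app'@'localhost';
GRANT SELECT, INSERT         ON hospital.visits   TO 'hospital_app'@'localhost';

-- Column-level grants narrow access further. The front-desk account can
-- look up names and room numbers but never reads the diagnosis column.
CREATE USER 'front_desk'@'localhost' IDENTIFIED BY 'replace-with-generated-secret';
GRANT SELECT (patient_id, full_name, room) ON hospital.patients
   TO 'front_desk'@'localhost';

-- Reporting runs from one other machine: pin the account to that single
-- address and make it read-only. Connecting from anywhere else is refused.
CREATE USER 'reporting'@'10.0.0.12' IDENTIFIED BY 'replace-with-generated-secret';
GRANT SELECT ON hospital.* TO 'reporting'@'10.0.0.12';

-- Nothing is granted implicitly. Check what each account can actually do;
-- the output should list only the statements above plus USAGE.
SHOW GRANTS FOR 'hospital_app'@'localhost';
SHOW GRANTS FOR 'front_desk'@'localhost';
SHOW GRANTS FOR 'reporting'@'10.0.0.12';

-- A privilege handed out too generously is taken back with REVOKE rather
-- than by recreating the account; GRANT and REVOKE take effect immediately.
REVOKE INSERT ON hospital.visits FROM 'hospital_app'@'localhost';
```

Run this as an administrative account. Each application component then connects with its own credentials, and the `SHOW GRANTS` output is what to compare against when reviewing whether an account has accumulated more than its job needs.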
Disallow connections from all IP addresses except the application server's IP address. And make sure that the application working with the DB is free of security holes. :)
Security is a complex issue and it is hard to answer vague questions.
A few generalisations.
If it makes sense to co-locate your database and application on the same server, then you should do so and disable all remote access to the database. The downside is that this limits your ability to scale using separate database and application servers.
Also you need to determine if you require replication. If you do then you need to allow access, whereas if you can get away with it you should not.
You need to be rigorous with your username and password regime. I actually use a password generator for both the user name and the password for application access, but how far you go is up to you.
You should assume that someone will get access to your database. Each "user" should only have the permissions required by the user to do that job. The less each user can do the safer you will be when someone does break in. You may need to create several users so each bit of your application can do their job, and only their job.
Lastly you should consider the ramifications of gaining access to your database. I would assume that health records require extremely high levels of security. You may consider some form of encryption / obfuscation in the database itself, but I have not ever needed to do this myself so I cannot comment further.
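The checks that go with this answer's advice, as an added example rather than the answerer's own code: verifying that remote access is switched off, auditing the existing accounts for wildcard hosts and server-wide privileges, and provisioning a replication account that can do nothing but replicate. The database name `hospital` and the replica address `10.0.0.20` are assumptions.

```sql
-- Added example (not from the original answer). 'hospital' and the
-- replica address 10.0.0.20 are assumptions.

-- 1. Is the server listening for remote clients at all? With the database
--    co-located with the application, bind_address should be 127.0.0.1
--    (set in my.cnf under [mysqld]) or skip_networking should be ON.
SHOW VARIABLES LIKE 'bind_address';
SHOW VARIABLES LIKE 'skip_networking';

-- 2. Accounts reachable from any host: a host of '%' or one containing a
--    '%' wildcard is a remote attack surface and needs a justification.
SELECT user, host FROM mysql.user
 WHERE LOCATE('%', host) > 0;

-- 3. Anonymous accounts (empty user name) that some default installs create.
--    They should not exist on a server holding health records.
SELECT user, host FROM mysql.user WHERE user = '';
-- e.g. DROP USER ''@'localhost';

-- 4. Global (server-wide) privileges. Only the administrator should appear
--    here; an application account with anything beyond USAGE at this level
--    is over-privileged.
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE <> 'USAGE'
 ORDER BY GRANTEE;

-- 5. Who can DELETE or DROP anything in the hospital database, at either
--    database or table level. Every row is an account that can destroy data.
SELECT GRANTEE, TABLE_SCHEMA, NULL AS TABLE_NAME, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE TABLE_SCHEMA = 'hospital' AND PRIVILEGE_TYPE IN ('DELETE', 'DROP')
UNION ALL
SELECT GRANTEE, TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE
  FROM information_schema.TABLE_PRIVILEGES
 WHERE TABLE_SCHEMA = 'hospital' AND PRIVILEGE_TYPE IN ('DELETE', 'DROP');

-- 6. If replication is required, it is the one case where a remote
--    connection must be allowed. Give it a dedicated account pinned to the
--    replica's address, require TLS, and grant only REPLICATION SLAVE
--    (which MySQL only accepts at the global *.* level). The replica can
--    read the binary log and nothing else.
CREATE USER 'repl'@'10.0.0.20' IDENTIFIED BY 'replace-with-generated-secret'
  REQUIRE SSL;
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.20';
SHOW GRANTS FOR 'repl'@'10.0.0.20';
```

Queries 2 to 5 are worth re-running periodically, since privileges tend to accumulate as a system grows; an empty result for 2 and 3, and only the administrator in 4, is the state to aim for.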