Additional prevention of Database tampering...

Question

Is it possible to prevent someone other than those allowed from tampering with the database. I guess I am asking if there is an method other than the database login to hamper people from tampering with the database? I am aware of privileges and how only access to certain parts of the database for certain users. I am looking for something more in case someone manages to ascertain the correct username/password combination.

I am using this database in conjunction with a web server. The database server and web server are on different machines and behind a hardware firewall. The web server is only accessible through the firewall, and the database server accessible only through the web server.

I guess what I am asking is would it be feasible to create some sort of user control that creates a session id or something similar so that only if that id matches that stored when the user signed on will the query be run.

Answer 1

Yes you have some control on setting which user has what privilege. Of course if they get a hold of the root user password, then I think you may be out of luck.

Check out this link for some information regarding Granting/Revoking privileges. http://beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm

Granting Syntax (from link)

GRANT privilege_name
ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION]; 

Revoke Syntax (from link)

REVOKE privilege_name
ON object_name
FROM {user_name |PUBLIC |role_name} 

More: Brian added as a comment that Symantec has a nice guide to securing MySQL. I just wanted to add that it contains a lot of very useful information as well, http://www.symantec.com/connect/articles/securing-mysql-step-step

Answer 2

The best way to prevent people from tampering with it is to put it on a server that can only be accessed from the other machines that need to talk to the database (such as a web server)

If possible, the web-servers shouldn't have any administrative access except through a local network or a VPN.

If cost is an issue (you only have one server perhaps or a shared host) If you can run MySQL over an SSL connection, at least then the passwords aren't sent in the clear.

Answer 3

Update your OS for any security fixes that could lead to privilege escalation or remote code execution and use a firewall to block every ports beside the one you need. You could use SSH tunnels if your database needs remote access. Filesystem access or shell access may be a way to tamper with the database.

Use multiple credentials with according privileges. Use read-only access to logins that doesn't need write access.

Please explain a bit your environment and your situation and typical usage, that would help up to pinpoint potential flaws.

Answer 4

Read up on SQL Injection attacks and make sure your code will not allow them.

If you do not use dynamic SQl and use stored procs instead, you can put permissions at the proc level and users can only do things through the stored proc as you can prevent direct insert, update and delete to the tables. This helps prevent fraud because the users can't do anything except what the developers have written. So no one can delete a whole table, etc. Do not give developers production rights other than select rights. Encrypt your backups. Remember employees are as big or bigger threat to your data as outside attacks.

In some databases a password for the sys admin is not required. Always use one. Do not give it out to anyone more than you must.