MySQL Firewall is an enterprise feature filtering all incoming SQL statements allowing administrators to approve or deny SQL execution based on matching whitelist patterns, with a training mode for helping MySQL determine acceptable commands.
Category: Enterprise Features
MySQL 8.0 Enterprise Edition includes MySQL 8.0 Enterprise Firewall (MEF), an application-level firewall that protects against SQL injection, Gandcrab ransomware and other exploits by allowing all SQL statements for a given account where statements can be compared to whitelists of acceptable statements.
Enterprise Firewall Operational Modes
MEF is configured on a per-user basis, allowing administrators to fine-tune the whitelists of acceptable SQL statements according to the application(s) using the accounts. Each account registered with the firewall has several operational modes:
- recording mode, for adding normalized SQL statements run through the account into the whitelist rules
- protecting mode, for ensuring the application does not try to run any SQL statements deemed 'unfamiliar' to what it learned from the app in recording mode
- detecting mode, which is a more passive version of protecting mode, writing violations to the error log but allowing access to the database
Enterprise Firewall Components
MEF runs on all servers, ensuring full protection of your distributed database environment through the use of several firewall components. The
MYSQL_FIREWALL_WHITELIST plugins set up the firewall and configure
INFORMATION_SCHEMA tables for the firewall data cache. The
firewall_whitelist in the
mysql database store all firewall rules and data.
FIREWALL_USER privileges are added to the list of security settings for assignment to MySQL users.
You can get more detailed information in the MySQL 8.0 Enterprise Firewall Reference.
New Features in Version 8.0
The latest version of MEF includes an intrusion detection feature. This feature allows administrators to receive alerts from the firewall when suspicious activity occurs. These alerts will feed into MySQL Enterprise Monitor, an agent-free monitoring solution also included in Oracle MySQL Enterprise which offers functionality specific to monitoring MySQL Enterprise Firewall and other components of your MySQL deployment.