External threats are one obvious reason to enforce MySQL security, but internal threats like current or former employees are often more dangerous because they are (or were) trusted. Security is also important for enforcing privacy (medical/HIPAA regulations), preventing accidental access (for example, logging into the production server instead of the development server), or enabling third-party programs to interact with your systems.
For those looking to increase the security of their deployments, oak-security-audit is a worthwhile, free, open source tool that performs basic MySQL security audits. It doesn't require any setup; just run it against your MySQL servers, and it prints a report with risks and recommendations about accounts, account privileges, passwords, and some general best practices, like disabling network access. Here's a snippet of a report:
oak-security-audit focuses just on MySQL security, so it's not a replacement for a full system security audit by a human, but it's a great first line of defense that is easy to use. You could run it weekly with cron and have the reports emailed to you.
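As an added illustration (this is not oak-security-audit's code or its output), the Python example below runs account, privilege, and password checks of the kind described above over constructed rows shaped like the `mysql.user` table. The function name `audit_accounts`, the finding labels, and the sample rows are assumptions made for this example.

```python
# Added example, not oak-security-audit's code: account checks of the kind a
# MySQL security audit reports. Rows are constructed and shaped like mysql.user
# (pre-5.7 column names); function name and finding labels are assumptions.
from collections import defaultdict

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
GLOBAL_PRIVS = ("Super_priv", "Grant_priv", "File_priv", "Shutdown_priv")

def audit_accounts(rows):
    """Return sorted (account, finding) tuples for risky account settings."""
    by_hash = defaultdict(list)
    for row in rows:
        if row.get("Password"):
            by_hash[row["Password"]].append((row["User"], row["Host"]))
    findings = []
    for row in rows:
        user, host = row["User"], row["Host"]
        account = "'%s'@'%s'" % (user, host)
        if user == "":
            findings.append((account, "anonymous account"))
        if not row.get("Password"):
            findings.append((account, "empty password"))
        elif len(by_hash[row["Password"]]) > 1:
            findings.append((account, "password hash shared with another account"))
        if "%" in host:  # '%' matches any string in a MySQL host pattern
            findings.append((account, "wildcard host"))
        if user == "root" and host not in LOCAL_HOSTS:
            findings.append((account, "root reachable over the network"))
        granted = [p for p in GLOBAL_PRIVS if row.get(p) == "Y"]
        if granted and user != "root":
            findings.append((account, "global privileges: " + ", ".join(granted)))
    return sorted(findings)

# Constructed sample rows; the hash values are placeholders, not real hashes.
SAMPLE_ROWS = [
    {"User": "root", "Host": "localhost", "Password": "*HASH_A", "Super_priv": "Y"},
    {"User": "root", "Host": "%", "Password": "*HASH_A", "Super_priv": "Y"},
    {"User": "", "Host": "localhost", "Password": ""},
    {"User": "app", "Host": "10.0.0.%", "Password": "*HASH_B", "File_priv": "Y"},
    {"User": "report", "Host": "10.0.0.5", "Password": "*HASH_B"},
]

if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_ROWS):
        print("%-22s %s" % (account, finding))
```

On MySQL 5.7 and later the hash is stored in the `authentication_string` column instead of `Password`, so rows read from a live server would need that key mapped first.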
Download: http://openarkkit.googlecode.com/svn/trunk/openarkkit/src/oak/oak-security-audit.py
Maintainer: Shlomi Noach
More info: http://openarkkit.googlecode.com/svn/trunk/openarkkit/doc/html/oak-security-audit.html
This article, "10 essential MySQL tools for admins," originally appeared at InfoWorld.com.