
Easy ways to override MySQL authentication and get direct access to data (if you have local access)
Posted by: Jonathan Lampe
Date: November 18, 2005 11:28AM

If you've been around a while, you know that there are several easy ways for a local attacker to get around MySQL authentication: (and how security might detect such an attack)

1) Restart the MySQL service/daemon with the "--skip-grant-tables" option. (Noisy if MySQL service restarts are monitored.)

2) Replace the contents of the "mysql" table/folder with a "mysql" table/folder containing your own pre-configured credentials. (Kind of noisy - attracts attention if your replacement table is missing any production credentials.)

3) Copy any interesting MySQL tables off the MySQL server and drop them into your own MySQL database. (Much quieter, but may require a "noisy" large data transfer if you are, er, borrowing lots of data.)

Note that security can only react to these events in the unlikely event that they are detected; the data has probably already left the building.

Per-field encryption can be useful to prevent certain information from falling into the wrong hands (assuming you aren't transmitting the key over a non-secure channel), but I've seen more than a few implementations where the desire to INDEX a sensitive value (like full name of a person associated with a record) for performance reasons has won over a desire for security. (I completely understand this conflict; if you can't use INDEXes, why use a database?)

To actually prevent data from being stolen or manipulated, I think I'm advocating the following "one-way" MySQL features:

- Allow installers to disable the "--skip-grant-tables" option. Obviously, this would have to be more than an option in the "my.ini" file.

- Introduce encrypted databases. Under Windows 2003 (where I usually run) you can get a lot of mileage out of the encrypted filesystem because if an admin force-changes a password on an encrypted data store, it gets wiped. However, implementing encrypted filesystems can make backups more interesting than they should be.

Long story short, it would be nice if we knew that the only way someone could get into our MySQL tables or make use of the underlying MySQL table files would be to authenticate properly through the MySQL software. At the moment, it seems the product is more oriented for the "dumb administrator" who forgets his password every few weeks.

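Added example, not part of the original post: a monitoring check for the first method the post lists, flagging "skip-grant-tables" when it is enabled in a server option group of a my.ini/my.cnf file or on a mysqld command line. The function names and sample inputs are constructed for illustration; collecting the real option files and process command lines is left to the host's own tooling.

```python
import re

# Option groups the server reads (versioned groups such as [mysqld-5.0] included).
SERVER_GROUPS = re.compile(r"^(mysqld|server)(-[\d.]+)?$", re.I)
OFF_VALUES = {"0", "off", "false"}

def _enables_skip_grant(name, value):
    """True if an option name/value pair turns skip-grant-tables on."""
    # MySQL treats '-' and '_' in option names as equivalent.
    name = name.strip().lower().replace("_", "-")
    return name == "skip-grant-tables" and (value or "1").strip().lower() not in OFF_VALUES

def audit_option_file(text):
    """Return (line_no, line) for each server-group line enabling the option."""
    hits, group = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop '#' comments
        if not line or line.startswith(";"):  # blank or ';' comment line
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            group = header.group(1).strip()
            continue
        name, _, value = line.partition("=")
        if group and SERVER_GROUPS.match(group) and _enables_skip_grant(name, value):
            hits.append((no, line))
    return hits

def audit_cmdline(argv):
    """Return the arguments of a mysqld command line that enable the option."""
    hits = []
    for arg in argv[1:]:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            if _enables_skip_grant(name, value):
                hits.append(arg)
    return hits

# Constructed sample inputs (assumptions, not taken from the post).
SAMPLE_INI = """[client]
skip-grant-tables
[mysqld]
# skip-grant-tables
datadir=C:/mysql/data
skip_grant_tables = ON
"""
SAMPLE_ARGV = ["mysqld", "--defaults-file=C:/mysql/my.ini", "--skip-grant-tables"]

if __name__ == "__main__":
    print(audit_option_file(SAMPLE_INI))  # only the [mysqld] entry is reported
    print(audit_cmdline(SAMPLE_ARGV))
```

The check matches the full option name only; abbreviated option names accepted by some server versions are not covered.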
