MySQL brands itself as the world’s most popular open source database. As popular as MySQL database is among developers and SQL enthusiasts, it is equally popular amongst hackers. Misconfigured server access, overprivileged roles, and weak authentication schemes are the most common security issues in MySQL database. While access control features provided by MySQL are adequate enough at the SQL level, it is error-prone to manage access at the operational level. This post aims to give you a brief overview of securing access to production MySQL databases.
This post will go over exploiting server security weakness, exploiting weak authentication and network connection schemes, misusing and escalating poorly managed database privileges, and of course SQL injection (and more).