23.9.1: Does MySQL 5.1 have built-in authentication against LDAP directories?
23.9.2: Does MySQL 5.1 have native support for SSL?
23.9.3: Where can I find documentation that addresses security issues for MySQL?
23.9.4: Is SSL support be built into MySQL binaries, or must I recompile the binary myself to enable it?
23.9.5: Does MySQL 5.1 include support for Roles Based Access Control (RBAC)?
Questions and Answers
No. Support for external authentication methods is on the MySQL roadmap as a “rolling feature”, which means that we plan to implement it in the future, but we have not yet determined when this will be done.
Most 5.1 binaries have support for SSL connections between the client and server. We can't currently build with the new YaSSL library everywhere, as it is still quite new and does not compile on all platforms yet. See Section 5.5.6, “Using SSL for Secure Connections”.
You can also tunnel a connection via SSH, if (for instance) if the client application doesn't support SSL connections. For an example, see Section 5.5.7, “Connecting to MySQL Remotely from Windows with SSH”.
The best place to start is Section 5.3, “General Security Issues”.
Other portions of the MySQL Documentation which you may find useful with regard to specific security concerns include the following:
MySQL Enterprise. The MySQL Enterprise Monitor enforces best practices for maximizing the security of your servers. For more information, see http://www.mysql.com/products/enterprise/advisors.html.
Most 5.1 binaries have SSL enabled for client-server connections that are secured, authenticated, or both. However, the YaSSL library currently does not compile on all platforms. See Section 5.5.6, “Using SSL for Secure Connections”, for a complete listing of supported and unsupported platforms.
No. Support for roles is on the MySQL roadmap as a “rolling feature”, which means that we plan to implement it in the future, but we have not yet determined when this will be done.