Securich - A Security and User Administration plugin for MySQL

Darren Cassar (Trading Screen Inc) speaks at the 2010 O'Reilly MySQL User Conference & Expo.

Slides -
http://assets.en.oreilly.com/1/event/36/Securich%20-%20A%20Security%20and%20U...

From the official conference description at http://en.oreilly.com/mysql2010/public/schedule/detail/13351

How often do you wonder about the privileges a particular user has on databases, tables and stored procedures? Have you ever thought about which users have access to table passwords in livedb? Do all my users have a decent password? and When was it changed last? are surely issues DBAs commonly think about, whilst hoping users are not cycling through the usual three passwords to avoid having to remember a new one. Maybe you have occasionally granted full access to all tables in a database to avoid the frustration of having to grant on tables one by one, or wondered about the mess your users and their privileges were in. Did you ever wish you could rename a user paul'192.168.0.189' to 'paul'192.168.0.188 or clone userjohn'localhost' from 'fred'127.0.0.1? Then, perhaps, Securich can come to your rescue. It can easily tackle the above and much more. Securich also enables the absent roles functionality in MySQL, permits dynamic updating of roles and immediate rollout of the changes to each user.

Securich is very simple to install and update using a bash script that includes error catching and rollback in case of problems. Securich is also easy to be remove if required, a single drop securich command does the trick and does not change any of the rights granted to users through it.

Securich Features 1. Roles (Dynamic)
2. Password history
3. User cloning
4. Secured user (avoiding password-less accounts)
5. Configurable password complexity length, uppercase, lowercase, special characters, dictionary check
6. The possibility to revoke privileges from a single table (grant access to all tables in a database but one)
7. User blocking / unblocking
8. Immediate revoking of Privileges and Isolation of User
9. Auditing of privileges granted / revoked
10. Auditing of role updates
11. Reconciliation between MySQL and Securich

SAM-My is a web based, cross-platform, OS independent and lightweight application written in PHP, enabling GUI administration of users and configuration of the main parts of SECURICH.

SAM-My Features 1. Connection to MySQL and logout function
2. UI list of accounts and viewing of their rights
3. Granting and revoking of privileges
4. User cloning
5. Other features from Securich
6. Version check of Securich, MySQL and other details about the data server

Adding to its appeal is the fact that both Securich and SAM-My are OpenSource projects licensed under GPLv2.

Category:

Science & Technology

Tags:

• mysql
• mysqlconf
• darren cassar
• roles
• users
• user role
• password
• password history
• clone
• grant
• revoke
• audit
• user audit
• SAM-my

License:

Standard YouTube License