How Do I Revoke With Grant Option In Sql For A User

What are the ways to secure a MySQL database from hackers?

As Roland mentioned, you can refer to the MySQL security best practices, but here are some of the "Must-do's":

1. Ensure that the MySQL database sits behind a protected layered firewall.
2. Never run the MySQL server as the Unix root user, which is dangerous and a bad practice. Create a separate privileged user to administer MySQL and add a "user" option in the my.cnf file, which causes the server to start as a designated user.
3. Always use "Option" files - MySQL can read startup options from option files (sometimes called config files): /etc/my.cnf or /etc/mysql/my.cnf
4. Learn to use the "tcpdump" and "strings" facilities. Check whether MySQL data streams are unencrypted by issuing the command
   tcpdump -l -i eth0 -w - src or dst port 3306 | strings
5. Never store the password in the MYSQL_PWD environment variable. On some systems, if you set MYSQL_PWD, some versions of "ps" include an option to display the environment of running processes, and your password is exposed to any other user who runs "ps".
6. Restrict the "mysql.user" table; access to this table should not be given to any non-administrative account.
7. local_infile=0 (default value is 1)
8. secure_auth=1 (enabled by default) - ensures that client connections to the database do not use the pre-4.1 password hashing.
9. MySQL history - writes a record of executed statements to a history file. Passwords can be written as plain text in SQL statements such as CREATE USER, SET PASSWORD etc., which are logged in the history file. Use "Restrictive access mode".
10. Upgrade to the latest version (MySQL 5.7), which comes with these new security features:
    a) No test database
    b) No anonymous user accounts
    c) Automatic password expiration: default_password_lifetime=180 (password lifetime is 6 months, as an example). If you want to expire the password manually, use something like this:
       ALTER USER 'sai'@'localhost' PASSWORD EXPIRE;
    d) MySQL now also has a --syslog option that causes interactive statements to be sent to the system "syslog" facility.
11. Never "GRANT" privileges to all hosts. Use REVOKE to remove unnecessary privileges. Keep track of MySQL vulnerabilities such as MySQL 5..63 (authentication bypass) or the MySQL UDF weakness (port 3306) and update the patches frequently. Ensure that all arguments are validated and prepared statements are used to prevent SQL injection and other vulnerabilities.

What is the reasons to store users' credentials in LDAP instead of MySQL?

The complexity of your authentication system and the number of different systems that are bound to use it are the main reasons. LDAP stands for Lightweight Directory Access Protocol - basically, it is meant to be used for authentication, storing user attributes and privilege data. If, say, you have multiple different systems in one company, and users that should be granted different levels of privileges on those systems, storing them in MySQL is not the best option. In that case you would use LDAP as a much more appropriate solution. Also bear in mind that many commercial applications offer authentication via LDAP out of the box.

Is SQL a programming language?

No, SQL in its purest form is NOT a programming language. It IS a query language. The reason I say this is because in order for something to qualify as a "programming language" it needs to be able to perform repetitive tasks (called loops) and decision logic (control structures). SQL has neither of these, really. Major database creators saw this lacking from SQL and made their own server-side programming languages with SQL as their base. For example, Microsoft created T-SQL, PL/pgSQL was created by PostgreSQL, and Oracle created PL/SQL. These all have looping and control structures, but they exist outside of, or rather as an appendage to, the original SQL spec.

SQL Codes to apply security constraints?

Two common DCL commands

Grant:

GRANT "access right here" (e.g. ALL, EXECUTE, and SELECT)
ON "database object here" (e.g. TABLE, VIEW, STORED PROC, SEQUENCE)
TO {"user name here" |PUBLIC |"role name here"}
[WITH GRANT OPTION];

Revoke:

REVOKE "access right here" (e.g. ALL, EXECUTE, and SELECT)
ON "database object here" (e.g. TABLE, VIEW, STORED PROC, SEQUENCE)
FROM {"user name here" |PUBLIC |"role name here"};

The parentheses aren't necessary; they're just to illustrate where to edit the SQL parameters.
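The templates above, and item 11 of the hardening list earlier on this page (never grant to all hosts, use REVOKE to trim privileges), are worked through below in concrete MySQL syntax. This is an added example, not code from any of the answers above; the account 'reports'@'10.0.0.%', the schema sales, and the placeholder password are constructed for illustration.

```sql
-- Added example (not from the answers above). MySQL dialect.
-- Constructed names: account 'reports'@'10.0.0.%', schema 'sales'.
CREATE USER IF NOT EXISTS 'reports'@'10.0.0.%' IDENTIFIED BY 'CHANGE-ME-placeholder';

-- Read-only access to one schema, scoped to one host range rather than '%'.
GRANT SELECT ON sales.* TO 'reports'@'10.0.0.%';

-- WITH GRANT OPTION additionally lets the account hand its own privileges to others.
GRANT SELECT ON sales.* TO 'reports'@'10.0.0.%' WITH GRANT OPTION;

-- Inspect what the account currently holds before changing anything.
SHOW GRANTS FOR 'reports'@'10.0.0.%';

-- Remove only the ability to delegate; the SELECT privilege itself stays.
REVOKE GRANT OPTION ON sales.* FROM 'reports'@'10.0.0.%';

-- Remove the data privilege as well once it is no longer needed.
REVOKE SELECT ON sales.* FROM 'reports'@'10.0.0.%';

-- Audit query for the "never GRANT to all hosts" rule: list accounts reachable
-- from any host, or still holding a global GRANT OPTION.
SELECT user, host, grant_priv
FROM mysql.user
WHERE host = '%' OR grant_priv = 'Y';
```

Two points worth checking after running this: SHOW GRANTS before and after each REVOKE confirms that removing GRANT OPTION leaves SELECT in place, and the final audit query is what you would re-run periodically. Note that in MySQL, revoking a privilege from an account that had already passed it on with GRANT OPTION does not cascade to the accounts it granted to; those must be reviewed and revoked separately.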

Why is it so easy to drop tables in SQL?

SQL Server uses a declarative language internally. That means you tell SQL Server what to do, but not how to do it. So, you can issue a command through T-SQL, within a database that you have access to, using the permissions you are given within that database. If those permissions include the db_datareader role, you'll be able to run a SELECT statement. If those permissions include the db_datawriter role, you'll be able to run an UPDATE statement, including one without a WHERE clause. If your permissions are DBO or SA, you'll be able to drop a table, or pretty much anything else. Because that's how the declarative language works: you told it what to do. So, the best method for controlling this behavior is to control access to the database. Give people as little access as possible so that the uninformed can't simply drop tables. One reason to use stored procedures is to isolate the access to the database so that people can only ever execute the procedures you give them access to and not do crazy things like drop a table.
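The "procedure-only" access pattern the answer above recommends looks like this in T-SQL. This is an added example, not code from the answer; the database AppDb, table dbo.Orders, role app_reader, and user app_svc are constructed names. It relies on SQL Server ownership chaining: because the procedure and the table share the owner dbo, a principal with EXECUTE on the procedure can read the table through it without holding SELECT on the table directly.

```sql
-- Added example (not from the answer above). T-SQL dialect.
-- Constructed names: AppDb, dbo.Orders, app_reader, app_svc.
USE AppDb;
GO

CREATE TABLE dbo.Orders (
    OrderId    int           NOT NULL PRIMARY KEY,
    CustomerId int           NOT NULL,
    Total      decimal(10,2) NOT NULL
);
GO

-- Role that will hold EXECUTE rights only; no table-level permissions at all.
CREATE ROLE app_reader;
GO

-- The only sanctioned way to read orders: a fixed, parameterised query.
CREATE PROCEDURE dbo.usp_GetOrdersForCustomer
    @CustomerId int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, Total
    FROM dbo.Orders
    WHERE CustomerId = @CustomerId;
END;
GO

GRANT EXECUTE ON OBJECT::dbo.usp_GetOrdersForCustomer TO app_reader;
GO

-- Constructed service principal (no login needed for the demonstration).
CREATE USER app_svc WITHOUT LOGIN;
ALTER ROLE app_reader ADD MEMBER app_svc;
GO

-- Verify the boundary by impersonating the service user.
EXECUTE AS USER = 'app_svc';
EXEC dbo.usp_GetOrdersForCustomer @CustomerId = 42;  -- succeeds via ownership chaining
-- SELECT * FROM dbo.Orders;   -- fails: SELECT permission denied on dbo.Orders
-- DROP TABLE dbo.Orders;      -- fails: no ALTER/CONTROL on the table
REVERT;
GO
```

The two commented-out statements inside the EXECUTE AS block are the check: uncomment them one at a time and confirm they raise a permission error, which shows that app_svc can reach the data only through the procedure and cannot issue the destructive statements the question asks about.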
