MySQL is currently the most popular open source database, and with the dramatic growth in the number of users, more and more attention has been paid to the corresponding security problems. The existing MySQL database has some drawbacks with respect to its internal security. For example, the rights of the super user are over-concentrated and the access control mechanism is relatively weak. In order to improve the internal security of the MySQL database, this paper presents an improved access control model for the MySQL database management system, based on an analysis of the original access control mechanism of the MySQL database and the security requirements of MySQL. Under this model, it then implements an access control system for the MySQL database management system based on separation of three powers and role-based access control (RBAC). In view of the drawbacks of the access control mechanism of the MySQL security management system mentioned above, the paper proposes improvements from two aspects. On the one hand, considering the security problem that the rights of the super user are over-concentrated, the improved system adopts the separation of three powers technique to divide the rights of the super user into three parts, which are assigned to three roles (administrator, security-officer and auditor), and implements system role management and system log management.
On the other hand, on the basis of the discretionary access control mechanism of the original system, the improved system utilizes the RBAC technique, introducing the concept of a role into the MySQL database system, and implements business role management, improved authorization management, business role allocation management and the rules of role constraint, including the principles of maximum allocation of users and mutually exclusive roles. Through the improvement of the management and external business of the MySQL database, the security of the MySQL database management system can be considerably improved. Since time was limited, the functions implemented in the system are still imperfect, and further study and implementation are still needed.
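
The two role constraints named above can be checked at assignment time. The following Python sketch is an added example, not the paper's implementation. It assumes that the three system roles are pairwise mutually exclusive and that "maximum allocation of users" means a cap on the number of users per role; the class and method names are hypothetical.

```python
"""Assignment-time checks for RBAC role constraints (constructed example)."""

# The three system roles named in the abstract. Treating them as pairwise
# mutually exclusive is this example's reading of "separation of three powers".
SYSTEM_ROLES = ("administrator", "security-officer", "auditor")


class RoleManager:
    def __init__(self):
        self.members = {}       # role -> set of users holding it
        self.max_users = {}     # role -> user cap (absent means unlimited)
        self.exclusive = set()  # frozenset({role_a, role_b}) pairs
        for role in SYSTEM_ROLES:
            self.add_role(role)
        for i, a in enumerate(SYSTEM_ROLES):
            for b in SYSTEM_ROLES[i + 1:]:
                self.exclude(a, b)

    def add_role(self, role, max_users=None):
        self.members.setdefault(role, set())
        if max_users is not None:
            self.max_users[role] = max_users

    def exclude(self, role_a, role_b):
        """Declare that no single user may hold both roles."""
        self.exclusive.add(frozenset((role_a, role_b)))

    def violation(self, user, role):
        """Return why the assignment must be refused, or None if allowed."""
        if role not in self.members:
            return f"unknown role {role}"
        for held, users in self.members.items():
            if user in users and frozenset((held, role)) in self.exclusive:
                return f"{role} is mutually exclusive with {held}"
        cap = self.max_users.get(role)
        already_member = user in self.members[role]
        if cap is not None and not already_member and len(self.members[role]) >= cap:
            return f"{role} is limited to {cap} user(s)"
        return None

    def assign(self, user, role):
        """Grant the role only if no constraint is violated."""
        reason = self.violation(user, role)
        if reason:
            raise PermissionError(reason)
        self.members[role].add(user)
```

Because the check runs before membership changes, a refused assignment leaves the role table untouched, and the refusal reason can be written to the system log for the auditor role to review.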