6.4.6.1 MySQL Enterprise Firewall Components
MySQL Enterprise Firewall is based on a plugin library that implements these components:
A server-side plugin named
MYSQL_FIREWALL
examines SQL statements before they execute and, based on its in-memory cache, renders a decision whether to execute or reject each statement.Server-side plugins named
MYSQL_FIREWALL_USERS
andMYSQL_FIREWALL_WHITELIST
implementINFORMATION_SCHEMA
tables that provide views into the firewall data cache.System tables named
firewall_users
andfirewall_whitelist
in themysql
database provide persistent storage of firewall data.Stored procedures named
sp_set_firewall_mode()
andsp_reload_firewall_rules()
perform tasks such as registering MySQL accounts with the firewall, establishing their operational mode, and managing transfer of firewall data between the cache and the underlying system tables.A set of user-defined functions provides an SQL-level API for lower-level tasks such as synchronizing the cache with the underlying system tables.
System variables enable firewall configuration and status variables provide runtime operational information.