Advanced database security:

data protection + threat detection/prevention

The importance of advanced database security cannot be underestimated. In July 2017, Identity Theft Resource Center and CyberScout reported a 29% increase in the number of data breaches over the previous year.

Securing data inside and out

MariaDB TX secures data at every layer, from encrypted communication and storage to pluggable authentication and role-based access control. Further, an advanced database proxy with a built-in firewall detects and prevents data breaches – blocking queries and masking sensitive data.

White Paper

Top 5 reasons to choose MariaDB TX for security

Firewall and data masking

The firewall plugin uses rule-based configuration to intercept and block queries based on multiple parameters (e.g., user or syntax) to, for example, prevent malicious attacks like SQL injection from deleting all rows in a table or accessing restricted tables/columns. The data masking plugin can be configured to hide sensitive data (e.g., PII/SPI – credit cards, Social Security numbers).

End-to-end encryption

The connections between clients, proxies and databases can be encrypted with Transport Layer Security (TLS) to protect data in motion while tables and binary logs can be encrypted with Advanced Encryption Standard (AES) algorithms to protect data at rest – and there are plugins for the AWS Key Management Service (KMS) and the eperi Gateway.


The auditing plugin can be configured to track all database events – connections, queries (DML/DDL/DCL) and tables accessed – logging the time, username and host, database and operation, and more. In addition to local files, remote files are supported via syslog and rsyslog – often to aggregate database events from multiple servers and/or restrict access.

Denial of service protection

The result limiting filter can be configured to block malicious queries intended to slow down the database by returning thousands if not millions of rows. In addition, to protect from denial of service (DoS) and distributed denial of service (DDoS) attacks, user resource limits can be set to restrict the frequency of connections, queries and more.

Pluggable authentication and role/group authorization

LDAP authentication with user and group mapping – SSH passwords, one-time passwords and two-factor authentication via Google Authenticator, too – is supported via the Pluggable Authentication Module (PAM) plugin while password validation plugins can be enabled to enforce strong passwords. In addition, administrators can configure role-based access control (RBAC).

MariaDB TX security components

MariaDB TX security components

Meet security standards and regulations

Today, many companies have to comply with one or more security standards and regulations – PCI, HIPPA and SOX, to name a few. In the European Union, the GDPR (General Data Protection Regulation) will take effect May 25, 2018. MariaDB TX is engineered for security, whether it’s encryption and key management for PCI compliance or pseudoanonymization (i.e., data masking) for GDPR compliance.

Datasheet: Addressing GDPR with MariaDB TX

Webinar Recording

MariaDB TX: enterprise security and personal data protection

This webinar walks through all of the security features available in MariaDB TX, from encrypting client connections to blocking or accepting queries to stopping denial of service attacks with query result limiting.

Watch the recording to:

  • Discover the latest security features in MariaDB TX 3.0
  • Understand how to protect personal and/or sensitive data
  • Learn to how to fully secure a MariaDB TX deployment