Securing MemSQL¶
MemSQL ships with security disabled by default, but it supports enough of the MySQL security protocol to enable simple user and host logins with passwords. By default, you can log into MemSQL with the root user and an empty password.
Host-Based Security¶
The best way to secure MemSQL is to use host-based security. Like MySQL, MemSQL supports the bind-address variable in memsql.cnf, which lets you specify the address on which the server socket binds. For example, if you set it to 127.0.0.1, you will only be able to connect to MemSQL locally.
You can also use a firewall to determine which hosts can access MemSQL. If you’re on Amazon EC2, you can configure security groups to limit the network by specifying allowed IP addresses or security groups.
Password-Based Security¶
MySQL security is a notoriously weak way to secure your database. However, MemSQL supports enough of the protocol to enable some features of security. Currently, only logins are supported. You can add a user with the GRANT syntax:
GRANT ALL ON *.* TO '<user>'@'<host>' IDENTIFIED BY '<password>' WITH GRANT OPTION
You can use the same command to change the password for an existing user. To remove a user, use the DROP USER command:
DROP USER '<user>'@'<host>'
For more information, visit Account Management.