Question

I have this idea of making my database's Admin account secured by creating the following:

  • A trigger is activated every hour in MySQL; this trigger activates a stored procedure
  • The stored procedure generates a new password using md5(date()+pre shared key+rand())
  • I have an application in VB that generates the same password every hour that I can then log in with.

However, this is still just an idea and I don't know if this is possible; do you know if anyone has tried this?

Any links or reference material.

I was inspired by my friend who has a key that is generated in a little device thing that he hangs around his neck when he logs into a workstation. Does anyone know what this security procedure is called?

What are the limitations or problems that could occur? (server crash/restart)

Thanks!


Solution

Why would you want to do this? What risk does it mitigate?

This sounds like a great way to lock yourself out of your database in a way that requires downtime to recover. Limit your exposure by securing the servers with firewalls and SSH and keep MySQL authentication simple. If you are worried about brute force attacks from within your trusted network, set max_connect_errors to a low value so the remote host will get blocked. And don't use "root" as your root user. Disable that account and create a new super user with a different name.

That device that your friend has was likely built by RSA and is a SecurID tag which uses two-factor authentication to secure workstations. An enormous amount of R&D was built into that product. Your VB script will not have that luxury.

Quite simply, MySQL authentication is not hardened enough to warrant this type of infrastructure. An attacker worth his salt provided with access to an open MySQL port is going to look for more general exploits rather than waste time brute forcing.

Just off the top of my head, some of the problems with this:

What happens if your clocks get off by a minute or two? What if the job or trigger fails? How do you know what state your DB password is in? How do you generate the same random string within your VB script and on the server? How do you store the generated password securely?

Don't do it. Invest your effort into picking strong passwords (not l33tsp34k) and locking down the server itself rather than attempting to reproduce what a company with thousands of employees at their disposal has managed to do.
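To make the clock-skew and rand() objections concrete, here is an added Python sketch (not code from the question or the answer) that models the hourly-password idea on both sides: it uses an HMAC over the current Unix hour with a constructed pre-shared key instead of md5, counts how many minutes per hour a client whose clock runs a couple of minutes fast would derive a different password than the server, and shows that a rand() term can never be reproduced by the client at all.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed pre-shared key for illustration only; not a real secret.
PRE_SHARED_KEY = b"constructed-demo-psk"


def hourly_password(now: datetime, psk: bytes = PRE_SHARED_KEY) -> str:
    """Derive the password from the clock alone: HMAC-SHA256 over the
    Unix hour bucket. No rand() term, because the client could not
    reproduce it; an HMAC instead of bare md5 so the key is not merely
    concatenated into the hash input."""
    bucket = int(now.timestamp()) // 3600
    return hmac.new(psk, str(bucket).encode(), hashlib.sha256).hexdigest()[:20]


def passwords_match(server_clock: datetime, client_clock: datetime) -> bool:
    """True when server and client derive the same password right now."""
    return hourly_password(server_clock) == hourly_password(client_clock)


def skewed_minutes_in_hour(skew_minutes: int) -> int:
    """Count the minutes of one hour during which a client whose clock is
    `skew_minutes` ahead of the server is locked out (different bucket).
    The base time is a constructed fixed instant so the result is stable."""
    base = datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc)
    mismatched = 0
    for m in range(60):
        server = base + timedelta(minutes=m)
        client = server + timedelta(minutes=skew_minutes)
        if not passwords_match(server, client):
            mismatched += 1
    return mismatched


def rand_term_is_reproducible() -> bool:
    """Model the original idea of mixing rand() into md5(date()+psk+rand()):
    two derivations made at the same instant still disagree, so the VB
    client can never recompute what the stored procedure produced."""
    hour = str(datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc).hour)
    server = hashlib.md5((hour + "psk" + secrets.token_hex(16)).encode()).hexdigest()
    client = hashlib.md5((hour + "psk" + secrets.token_hex(16)).encode()).hexdigest()
    return server == client
```

With a two-minute skew the client is locked out for the last two minutes of every hour, and with a 62-minute skew it never matches; neither side can detect which of the two passwords is "current" without a second channel.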

Licensed under: CC-BY-SA with attribution