Security
This page is part of MariaDB's Documentation.
The parent of this page is: MariaDB ColumnStore (Analytics)MariaDB Server (SQL Database Server)MariaDB SkySQL previous releaseMariaDB SkySQL DBaaSMariaDB Xpand (Distributed SQL)
Topics on this page:
Overview
This documentation covers the previous release of SkySQL. A new SkySQL release is now available to explore.
MariaDB SkySQL incorporates features focused on enterprise governance, risk, compliance (GRC) and information security (infosec) requirements.
Portal Accounts
The SkySQL Portal is used to manage SkySQL services.
Authenticate to SkySQL using MariaDB ID, tied to social login or email account | |
Optionally, multiple SkySQL user accounts jointly maintain services under a single billing profile | |
Optionally, authenticate to SkySQL Portal with your SAML 2.0 IDP (identity provider) |
Database Accounts
Authentication to SkySQL services | |
Optionally, authenticate to SkySQL services using LDAP (Lightweight Directory Access Protocol) | |
Optionally, authenticate to SkySQL services with two-factor authentication |
IP Allowlisting
Control ability for an IP to access SkySQL Monitoring | |
Control ability for an IP to connect to a SkySQL service |
Security Controls
Default Security Controls
MariaDB SkySQL has been designed and built from the ground up to incorporate security features by default:
Access control with IP allowlisting
API keys for automation
Database user accounts and privileges
Portal user accounts
Server hardening
Shell access to database servers is not offered
Users cannot write to the server file system
Some standard MariaDB plugins can be installed using Configuration Manager
It is not possible to install additional plugins to the file system's plugin directory
Power Tier customers have dedicated Kubernetes clusters
For additional information on MariaDB security practices, see the MariaDB Trust Center.
Available Options
AWS PrivateLink, which can reduce the exposure of cross-region traffic from AWS to the public internet
VPC peering, which can reduce the exposure of cross-region traffic from GCP to the public internet
Backups, Disaster Recovery, Business Continuity
Compliance
Requirement | Available Offering |
---|---|
GDPR | |
HIPAA | |
ISO 27001 |