MariaDB prioritizes data security, combining robust data protection measures with proactive threat detection and prevention capabilities. Our database meets rigorous industry-specific security standards, including a United States Department of Defense (DOD) approved Security Technical Implementation Guide (STIG). Learn more about our commitment to security and compliance at our Trust Center.


Comprehensive Approach to Data Security

MariaDB is committed to protecting customer data with a robust, end-to-end security strategy that encompasses access controls, network isolation, secure development practices and data encryption.

 

Access Control and Monitoring

Strict authentication

MariaDB teams utilize centralized authentication with multi-factor authentication (MFA) for all maintenance and support operations, including LDAP, SSH passwords, one-time passwords and two-factor authentication via Google Authenticator.

Secure configurations

On-premises deployments of MariaDB Enterprise Server can be configured with secure settings based on industry best practices and documented PCI and STIG guidelines. Granular access is granted based on user roles and responsibilities through role-based access control (RBAC).

Data Protection

End-to-end encryption

MariaDB employs state-of-the-art encryption to protect customer data both at rest and in transit. Data stored in tables and binary logs is encrypted with Advanced Encryption Standard (AES) algorithms.

Storage engine encryption

MariaDB Enterprise Server’s storage engine can encrypt data before writes and decrypt during reads, ensuring data remains encrypted except when accessed directly through the server.

Disaster Recovery and Continuous Availability

Cyberattack protection

Malicious attacks, such as denial of service (DoS) and distributed denial of service (DDoS), are blocked with features such as filtering mechanisms and user-specific resource limits on connections, queries, etc.

High availability

MariaDB MaxScale, an advanced database proxy, supports replication and clustering for automatic failover and enhanced availability.

Synchronous multi-master replication

MariaDB Cluster (powered by Galera) ensures that all nodes in the cluster have the same and latest data, eliminating data loss in case of a node failure. It also ensures automatic failover with continuous availability.

Infrastructure and Network

Restricted access

Database access is limited to private network connections and customer-allowlisted IP addresses, with encrypted connections enforced through firewall rules.

Data in transit

All network traffic is encrypted using Transport Layer Security (TLS).

Secure Development Life Cycle (SDLC)

Security by design

MariaDB incorporates security considerations throughout the entire development lifecycle, from design to deployment.

Rigorous testing

MariaDB Enterprise Server undergoes extensive quality assurance testing to ensure reliability and stability for production environments.

Long-term support

Critical features and bug fixes are backported to provide long-term stability and support for MariaDB Enterprise Server.


Reporting Security Concerns

To report a security vulnerability, please refer to our vulnerability reporting procedures.
