Performance vs. security: Implementing an immutable database in MySQL

Abstract

Maintaining transactional history is crucial to unraveling the changes any unauthorized user makes to a system, and this logging database is often a prime target for attackers. One common approach to maintaining this security is through an immutable database. There are many ways to implement such a database which maintains appropriate security requirements, each ranging in the complexity and effort required to configure. What remains constant amongst all the methods is that the database is available only to a restricted, defined set of users and that records may only be inserted and not updated or deleted to maintain a proper history. We demonstrate two of these methods in the MySQL database system and compare performance and capabilities amongst them.