MySQL Read-Only column based

Question

I want to lock some fields/columns in a MySQL-Database, is this somehow possible?

Backgorund: We are using Revive also known as OpenX (of course the latest version) but it get hacked all the time. Especially the fields prepend and append in the ox_zone table.

What we already did to secure the system:

• The Adserver is on a different Server
• The Backend is not at the default location anymore
• The Backend is secured by an .htaccess and .htpasswd
• We removed all install files
• We check the Core-Files every minute with the remote Git-Repo to ensure that we dont have compromised files (unauthorized file changes)
• We removed the file: adxmlrpc.php Because its known as entry point for attackers
• And some nice other tricks which I dont remember now...

But still sometimes the columns prepend and append are compromised, so I thought it would be great if we could lock these fields or set them to read only.

But I am of course up for any other solution.

Answer 1

You can set privileges on the column-level (and therefore only grant SELECT and INSERT) to the user that needs to be on read-only :

GRANT SELECT (column), INSERT (column) ON table TO user;

By replacing column, table and user with the appropriate values. GRANT documentation

You also need to be sure not to grant higher levels (table, data or global) privileges otherwise it would override the table-level privilege.

Best,