0

So the question is simple. Does making strange column or database names in MySQL increase its security?

Anders
  • 64,406
  • 24
  • 178
  • 215
Hi Guys
  • 1
  • Also: See http://security.stackexchange.com/questions/136045/should-company-protect-db-schema-at-the-same-level-of-the-data-itself/136068#136068 – Marcus Müller Dec 20 '16 at 17:23

3 Answers3

2

No. If you can read the MySQL schema tables, you can extract the names anyway, and the schema tables have fixed names.

Work on preventing SQL injection through the use of parameterised queries and other well documented techniques, and it doesn't matter if your table and column names are predictable.

Matthew
  • 27,233
  • 7
  • 87
  • 101
2

Do not even consider that! It is nothing more than security by obfuscation. It is even worse here, because knowing the table or columns names does not help an attacker until he can access the database at the SQL level, and once it is there he can trivially list everything.

Of course he will not be able to guess easily what is behind each column, but it could be enough for him to erase or change your data...

And strange names will mainly make harder future maintenance on the database or any application using it, which would be definitely bad.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
2

Security by obscurity is never a good idea, and in this specific case, the obfuscation of names of databases, tables, fields, and other database objects will just make software development more difficult.

David Spenard
  • 141
  • 4