marrowyung

asked on

MySQL security control

Dear all,

Can the MySQL login tell if the complex password requirement has been enforced, the password change interval, who has logged in and who changed a password?

DBA100.
ASKER CERTIFIED SOLUTION
arober11
marrowyung

ASKER

I mean that whenever an unauthorized login is attempted, it will be logged down in a log so that we can check.

Then whenever someone changes a password we can know that too.
What I need is whoever changes the password and whoever attempts an unauthorized login, so that we can see in the log when this happened and which account has this problem.
Is there any function so that when this happens, we will receive an email about that?
I am not sure if securich can actually do it.
With MySQL alone, this is not possible, and I found no script/tool otherwise to do this.
You may enable the server error log, and put in place a parser/tail reader of that log to do the email sending for this ...
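
The error-log parser suggested in the comment above, sketched as an added example that is not part of the original thread. It assumes the server writes access-denied warnings to its error log (log_warnings set to 2 or higher on MySQL 5.5); the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines; the layout is an assumption modelled on a MySQL 5.5
# error log written with log_warnings set to 2 or higher.
SAMPLE_LOG = """\
130612 10:15:01 [Note] /usr/sbin/mysqld: ready for connections.
130612 10:17:42 [Warning] Access denied for user 'app'@'10.0.0.5' (using password: YES)
130612 10:17:44 [Warning] Access denied for user 'app'@'10.0.0.5' (using password: YES)
130612 10:18:03 [Warning] Access denied for user 'root'@'192.0.2.7' (using password: NO)
130612 10:19:10 [Warning] Aborted connection 12 to db: 'shop' user: 'app' host: 'web1' (Got timeout reading communication packets)
"""

DENIED = re.compile(
    r"^(?P<ts>\d{6}\s+\d{1,2}:\d{2}:\d{2})\s+\[Warning\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
    r" \(using password: (?P<pw>YES|NO)\)"
)

def failed_logins(lines):
    """Return one dict per access-denied line, skipping everything else."""
    return [m.groupdict() for m in map(DENIED.match, lines) if m]

def build_alert(events, threshold=1, sender="mysql-audit@example.com",
                recipient="dba@example.com"):
    """Build an e-mail for accounts with >= threshold failures, or None."""
    counts = Counter((e["user"], e["host"]) for e in events)
    noisy = {k: n for k, n in counts.items() if n >= threshold}
    if not noisy:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient  # placeholder addresses
    msg["Subject"] = f"MySQL: {sum(noisy.values())} failed login(s)"
    # Events arrive in log order, so the last write per account wins.
    last = {(e["user"], e["host"]): e["ts"] for e in events}
    body = [f"{u}@{h}: {n} failure(s), last at {last[(u, h)]}"
            for (u, h), n in sorted(noisy.items())]
    msg.set_content("\n".join(body))
    return msg

if __name__ == "__main__":
    alert = build_alert(failed_logins(SAMPLE_LOG.splitlines()))
    print(alert)  # hand to smtplib.SMTP(...).send_message(alert) to deliver
```

Raising `threshold` suppresses one-off typos and reports only accounts with repeated failures.
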
MySQL was initially designed to be a cut-down but fast, resource-light and free alternative to the likes of Oracle, DB2, Postgres, MS SQL.... It's got fatter over the years but still doesn't have many of the toys the big boys have, including robust security and auditing. If these are key then I'd suggest you switch RDBMS; if you're only ticking boxes there are a number of third-party auditing toys / patches that can complement securich (see first post above) e.g. http://www.fromdual.ch/mysql-logon-and-logoff-trigger-for-auditing

But none will log failed login attempts.
Someone told me the general_log table can do it, but it slows down performance a lot, right?
But will the tools:

1) http://www.fromdual.ch/mysql-logon-and-logoff-trigger-for-auditing
2) http://code.google.com/p/securich/

slow down MySQL while these tools are getting information?

I think that one is good; http://www.fromdual.ch/mysql-logon-and-logoff-trigger-for-auditing

Very sad about MySQL.
But one thing: can MySQL do something like, in case someone does an update/insert/delete on some table only, we will know it immediately from a pure MySQL point of view?

We need to know:
1) What table he/she is accessing.
2) What the full command is.

Are there any apps we can make use of if we really need to do it? securich seems to only do it for login and logoff but not at table level.
It seems that MySQL can do table triggers:

https://dev.mysql.com/doc/refman/5.5/en/triggers.html

but not all versions can do it; does anyone know from at least what version we can do that?

By using select version(); the result returned is 5.5.25-log, so we are using 5.5.25?
One more thing,

By doing the table triggering, can we also log down the full query that the insert/delete/update is doing?
The binary log is only for transactions processed, right? So we need to find the user name and see the transactions he has performed?
Per my post above, the open / free edition of MySQL doesn't provide the functionality you require, well not yet, see slides 8 and 10.

So either switch DB engine, or have a look at paying for the Enterprise Edition with Audit options.

If you don't have the money, also have a look at the McAfee site.
arober11,

So it seems to me that MySQL can, but only with the Enterprise Edition with the Audit option, right?

DBA100.
Possibly