Hi! 👋 We are doing a big documentation refresh. Help us improve — what's missing or could be better? Let us know! Simply send an email or start a conversation in Google Groups!

Security

ProxySQL provides multiple layers of security features to protect your database infrastructure.

Security Features

  • Firewall Whitelist — Explicitly permit specific queries per user and schema, blocking all others. Supports OFF, DETECTING, and PROTECTING modes.

  • SQL Injection Engine — Integrates libsqlinjection to detect potential SQL injection attacks by analysing query fingerprints.

  • SSL/TLS Configuration — Encrypt client-to-proxy and proxy-to-backend connections with TLS certificates. Supports frontend and backend SSL independently.

  • SPIFFE Authentication — Authenticate services using SPIFFE Verifiable Identity Documents (SVIDs) with configurable SPIFFE ID regex matching.

  • Audit Logging — Log connection events and query activity for compliance and forensics.