Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 316 10 Older Entries

Displaying posts with tag: Security (reset)

Keyring framework
Employee_Team +1 Vote Up -0Vote Down

Security these days is bigger than ever. This statement needs no proof. It seems like it is getting easier and easier to get access to ‘secure data’. As system grows it becomes really hard to secure all endpoints. This is why encrypting data is now the hot topic in the database world.…

Properly removing users in MySQL
+0 Vote Up -1Vote Down

Removing users in MySQL is an easy task, but there are some drawbacks to check carefully before dropping a user. Not taking these possible issues into consideration can render your application unusable.

First it is important to understand the concept of user in MySQL. A user has three main functions: authentication, privileges and resources. This is different from other databases: in MySQL users don’t own objects. An object belongs to a database and there is no direct relationship between objects and users. This simplifies the process of deleting a user because no objects will be erased.

But users, as I wrote before, have an associated set of …

  [Read more...]
MariaDB AWS Key Management Service (KMS) Encryption Plugin
+1 Vote Up -0Vote Down

MariaDB 10.1 introduced Data at Rest Encryption. By default we provide a file_key_management plugin. This is a basic plugin storing keys in a file that can be itself encrypted. This file can come from a usb stick removed once keys have been brought into memory. But this remains a basic solution not suitable for security [...]

Securing your MySQL server
+0 Vote Up -0Vote Down

After installing a MySQL database server, like the one I posted earlier, if it's going to be a production environment than you should consider securing the instance by eliminating some of the basic vulnerabilities that come with a generic install. Fortunately MySQL and MariaDB already come with a tool for that purpose, called mysql_secure_installation. This program enables to perform the

Creating user accounts on a secured MySQL server
+0 Vote Up -0Vote Down

After installing a MySQL database server and securing that installation with the mysql_secure_installation tool, you are locked out from remote access to perform any operation on the server. Since we all like the 'R' in RDBMS to stand for remote as well as relational, let's see how we can configure user credentials to provide remote access to the database server but still keep those credentials

MySQL - basic network security
+0 Vote Up -0Vote Down

Having secured our MySQL server and created a personal account to allow for remote administration, we can take one step further on blocking unwanted access to our database server. For this example, we'll continue to use the Ubuntu 14.04.2 LTS Server installed and configured on the previous posts. After booting up the server, running a network check for connections, lists our server listening on

New MySQL Online Training
+3 Vote Up -0Vote Down

Oracle University recently unveiled a new online training offering – the MySQL Learning Subscription.  The combination of freely-accessible and compelling paid content makes this an exciting development to me, and should prove valuable to the community and customer base alike.  This post will briefly explore this new MySQL educational resource.

Organization

The subscription content is organized into topical “channels”.  Current top-level channels are:

  [Read more...]
SQL Injection with MySQL SLEEP()
+0 Vote Up -0Vote Down

Recently we’ve received an alert from one of our clients that running threads are high on one of their servers. Once we logged in, we noticed that all the selects were waiting for table level read lock. We scrolled through the process list, and found the selects which were causing the problems. After killing it, everything went back to normal.
At first we couldn’t understand why the query took so long, as it looked like all the others. Then we noticed, that one of the WHERE clauses was strange. There, we found a SLEEP(3) attached with OR to the query. Obviously, this server was the victim of a SQL injection attack.

What is SQL injection?

I think …


  [Read more...]
MariaDB itself is NOT affected by the DROWN vulnerability
+0 Vote Up -0Vote Down

Recently a serious vulnerability called DROWN was found. The vulnerability exists in systems that support SSLv2. There is flaw in SSLv2 that could be used to decrypt information over newer SSL protocols such as TLS. More information about the DROWN vulnerability with CVE number CVE-2016-0800 can be found here: The DROWN attack Mitre CVE dictionary […]

The post MariaDB itself is NOT affected by the DROWN vulnerability appeared first on MariaDB.org.

A safer MySQL box in Docker
+0 Vote Up -0Vote Down

The MySQL team has been maintaining a MySQL image on Docker. They have been listening to requests from the community and reacting quickly. So far, they have fixed two bugs that I reported and introduced a feature request that I suggested to make the server more secure.

Thanks, folks!

My latest request was about password management in a MySQL container. I have mentioned in previous posts the compatibility problems introduced by MySQL 5.7 security enhancements. Let me recap the main issues here:

MySQL …

  [Read more...]
Showing entries 1 to 10 of 316 10 Older Entries

Planet MySQL © 1995, 2016, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.