Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
10 Newer Entries Showing entries 31 to 40 of 266 10 Older Entries

Displaying posts with tag: Security (reset)

Understand and satisfy your AES encryption needs with 5.6.17
Employee_Team +3 Vote Up -0Vote Down

MySQL, starting from 4.0.2, had AES encryption and decryption functions. They are compiled with support for pure independent block by block encryption mode (ECB), using a 128 bit key.

128 bits is plenty enough! And sufficient for everybody! And who would even want to go to the trouble of dealing with initialization vectors? At least that’s what they probably thought when introducing these functions back in 2002 in MySQL 4.0.2.

But I believe in giving people a choice. Read below on why choice is important.

Does (key) size matter ?

The biggest threat that longer keys protect against is brute force …

  [Read more...]
Database security: Why should you review yours?
+0 Vote Up -0Vote Down

Ah database security… the black sheep of topics and something you would really rather not have to deal with right?

I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats whom live in their own D.I.Y Faraday cage … that must be it … it just has to be?

No, the hard reality is the world is not rose tinted and “they” are out to get you be it for fun or for profit; from defacements to theft compromising your applications, and more importantly your data is big business. For some these acts are nothing short of sheer entertainment for an otherwise boring evening. …

  [Read more...]
MaxScale has now its own public irc channel
+1 Vote Up -0Vote Down

MaxScale is a Proxy for the MySQL protocol built with a modular architecture. The underlying concept of modules allows to extend the MaxScale proxy services. The current version implements Read Write splitting and Connection Load Balancing. Internally MySQL queries go through a SQL parsing phase. This gives MaxScale great capabilities regarding queries routing.

So if [...]

Recovering MySQL access
+1 Vote Up -0Vote Down

Ever found yourself working on a MySQL server where root’s password is unavailable? It has happened to me a few times, always because the person who set up the DB left the place long ago, and this information was not documented anywhere. If you have root access to the OS, MySQL lets you restart the […]

Related posts:

  1. Using MySQL Proxy to benchmark query performance By transparently sitting between client and server on each request,...
  [Read more...]
How to get MySQL Critical Patch Updates and Security Alerts notices
Employee +1 Vote Up -0Vote Down

Beware of bugs in the above code; I have only proved it correct, not tried it.
Donald Knuth

Bugs in software are a fact of life. MySQL, as part of Oracle, issues of Critical Patch Updates and Security Alerts notices. You may have seen Daniel van Eeden‘s blog on the January announcement.

Daniel’s summary:

For MySQL 5.6 you should upgrade to 5.6.15
For MySQL 5.5 you should upgrade to 5.5.35
For MySQL 5.1 you should upgrade to …


  [Read more...]
MySQL in Oracle Critical Patch Update Advisory January 2014
+0 Vote Up -0Vote Down

Oracle has released the Critical Patch Update (CPU) advisory for January 2014.

The affected MySQL products are:

  • Oracle MySQL Enterprise Monitor, versions 2.3, 3.0 
  • Oracle MySQL Server, versions 5.1, 5.5, 5.6

So this means that you should consider updating MySQL. For MySQL Enterprise the updates should be available on My Oracle Support and for the Community version the new versions are on the …




  [Read more...]
OurSQL Episode 164: Who's Doing What?
+0 Vote Up -0Vote Down

This week we talk about how to install and use the MariaDB Audit plugin, and what the audit log looks like. Ear Candy presents a gotcha with MySQL and temporary directories, and At the Movies is about using Dynamo for more than just a data store.

Events
DB Hangops - every other Wednesday at noon Pacific time

Upcoming MySQL events

Training
SkySQL Trainings



  [Read more...]
MySQL encryption performance, revisited
+1 Vote Up -0Vote Down

This is part two on a two-part series on the performance implications of in-flight data encryption with MySQL. In the first part, I focused specifically on the impact of using MySQL’s built-in SSL support with some rather surprising results. Certainly it was expected that query throughput would be lower with SSL than without, but I was rather surprised by the magnitude of the performance hit incurred at connection setup time. These results naturally lended themselves to some further investigation; in particular, I wanted to compare …

  [Read more...]
Auditing MySQL With Mcafee Audit Plugin
+0 Vote Up -0Vote Down

Send to Kindle

Audit MySQL isn’t an easy task by default, you can use some technics like tcpdump, write a parser for general log, use MySQL proxy, or you can use some of audit plugins available out there(Mcafee MySQL Audit Plugin or MySQL Enterprise Audit Log Plugin for example).

On this post I’ll cover the Mcafee MySQL Audit Plugin (https://github.com/mcafee/mysql-audit), on a follow-up post I’ll talk about MySQL Enterprise Audit Log Plugin.

The installation is easy and require just a few steps, I’m using MySQL 5.5 32 bits, so …

  [Read more...]
SSL Performance Overhead in MySQL
+1 Vote Up -0Vote Down

NOTE: This is part 1 of what will be a two-part series on the performance implications of using in-flight data encryption.

Some of you may recall my security webinar from back in mid-August; one of the follow-up questions that I was asked was about the performance impact of enabling SSL connections. My answer was 25%, based on some 2011 data that I had seen over on yaSSL’s website, but I included the caveat …

  [Read more...]
10 Newer Entries Showing entries 31 to 40 of 266 10 Older Entries

Planet MySQL © 1995, 2015, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.