Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
10 Newer Entries Showing entries 61 to 70 of 270 10 Older Entries

Displaying posts with tag: Security (reset)

MySQL 5.6: Security through Complacency?
+2 Vote Up -0Vote Down

MySQL 5.6 introduces a number of new features designed to improve the security of MySQL. There's the new master_info_repository variable that lets you store replication connection information in a table instead of a lowly text file, new warnings telling users that they should use SSL/TLS, there is a new option to give replication user & password with START SLAVE instead of CHANGE MASTER, and there's mysql_config_editor to encrypt passwords. The problem with these features is that they are a form of Security through Complacency: these things make you feel more secure, but the realistic benefits disappear …

  [Read more...]
How MySQL 5.6 handles passwords more securely
+1 Vote Up -0Vote Down

There are many thing changed in MySQL 5.6 which are related to passwords:

  • There is a new password hash algorithm (SHA-256)
  • There is obfuscation for passwords with the .mylogin.cnf file.
  • The option to store slave passwords in a database table.
  • It's now possible to supply a password to START SLAVE.

But that's not what this blog post is about.

This blog post is a great new feature: Hiding passwords from your log files, automatically.

MySQL 5.6 will by default hide passwords from the general log. This is not just obfuscation as only the one-way hash will be …




  [Read more...]
Saving $1,100 Simply by Clicking Faster – Collaborate 13 IOUG Forum Discounts exp. 3/6/2013
+0 Vote Up -0Vote Down

Take 50% Off COLLABORATE 13 Now Through Wednesday But you’ve got to act fast! If you’re not already one of the many joining the IOUG at COLLABORATE 13 – IOUG Forum, sign up today for your chance at attending for … Continue reading →

About MySQL 5.6
+14 Vote Up -2Vote Down

I am very excited and thrilled to use the latest release of MySQL 5.6 in production. This is probably the most notable and innovative release in many years, if not ever.

During the last year, we had the chance to work with many new features and test the fixes to old issues. To be honest, I was expecting to have MySQL 5.6 GA before now, and I even wagered with my colleague Francisco that it would be out before the end of 2012. It was nothing special, just a beer in the Santa Clara Hyatt lounge. Unfortunately for me, MySQL 5.6 is now in GA and given that it happened in 2013, I lost the bet and now have to pay for that beer. But I have also lost the full …

  [Read more...]
MySQL Security: Overview of MySQL security features
+0 Vote Up -0Vote Down

In a world driven by computers, most companies rely on systems that are entirely built around databases. Losing data, or even as little as losing the full control over it, could bring any business down. Frequently databases hold sensitive information such as personal details, transaction statements, credit card data – among many other things. This is also why running certain types of databases is regulated in many countries by local as well as international laws – especially in Europe.

What is at stake?

  • Availability. When a database or data disappear, business stops. Assuming you have working …
  [Read more...]
Hardening MySQL, FOSDEM 2013 – Improving MySQL security
+3 Vote Up -0Vote Down

If for any reason you couldn’t attend my talk at FOSDEM earlier today on improving MySQL security, I have already uploaded the slides. You can download them from here.

Unbreakable MySQL?
+13 Vote Up -8Vote Down

I’m getting more and more concerned about the current Oracle approach to MySQL security. And the fact that I was solely responsible for the security@mysql.com for about ten years, doesn’t make it easier, on the contrary, it only emphasizes changes in the attitude.

Starting from the obvious — somewhat slower response to critical bug fixes, which can be expected, Oracle is a big company, right? Very little information about security vulnerabilities is disclosed, CPUs are carefully stripped from anything that might help to understand the problem, it takes …

  [Read more...]
Avoid clear text passwords in MySQL logging.
+3 Vote Up -0Vote Down

What happens when you use the PASSWORD() function to insert a password hash into a table?

  • The hash will be written to the table
  • The password might be written in clear text to the binlog
  • The password might be written in clear text to the general log
  • The password might be written in clear text to the slow query log

The query

mysql [localhost] {msandbox} (test) > INSERT INTO testpwd(pwd) VALUES(PASSWORD('secret_password'));
Query OK, 1 row affected (0.00 sec)


The General log

130128 16:04:41     1 Query …






  [Read more...]
Fatal Half-measures in Incident Response
+1 Vote Up -1Vote Down

CSO Online writes about a rather sad list of security breaches at http://www.csoonline.com/article/721151/fatal-half-measures-in-incident-response, and the half-hearted approach companies take in dealing with the security on their networks and websites.

What I find most embarrassing is that it appears (judging by the actions) that many companies have their lawyers do some kind of borked risk assessment , and decide that they can just leave things as-is and yell foul when there’s a breach. After all, particularly in the US …

  [Read more...]
Achieve the Highest Levels of MySQL Scalability, Security & Uptime
Employee_Team +2 Vote Up -0Vote Down

Oracle's MySQL Enterprise Edition includes the most comprehensive set of advanced features, management tools and technical support to help you reduce the cost, risk & time to deploy and manage your MySQL applications.

Access our Resource Kit to discover:

  • How to boost scalability by 20x with MySQL Enterprise Scalability
  • How to …
  [Read more...]
10 Newer Entries Showing entries 61 to 70 of 270 10 Older Entries

Planet MySQL © 1995, 2015, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.