Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
10 Newer Entries Showing entries 61 to 70 of 267 10 Older Entries

Displaying posts with tag: Security (reset)

About MySQL 5.6
+14 Vote Up -2Vote Down

I am very excited and thrilled to use the latest release of MySQL 5.6 in production. This is probably the most notable and innovative release in many years, if not ever.

During the last year, we had the chance to work with many new features and test the fixes to old issues. To be honest, I was expecting to have MySQL 5.6 GA before now, and I even wagered with my colleague Francisco that it would be out before the end of 2012. It was nothing special, just a beer in the Santa Clara Hyatt lounge. Unfortunately for me, MySQL 5.6 is now in GA and given that it happened in 2013, I lost the bet and now have to pay for that beer. But I have also lost the full …

  [Read more...]
MySQL Security: Overview of MySQL security features
+0 Vote Up -0Vote Down

In a world driven by computers, most companies rely on systems that are entirely built around databases. Losing data, or even as little as losing the full control over it, could bring any business down. Frequently databases hold sensitive information such as personal details, transaction statements, credit card data – among many other things. This is also why running certain types of databases is regulated in many countries by local as well as international laws – especially in Europe.

What is at stake?

  • Availability. When a database or data disappear, business stops. Assuming you have working …
  [Read more...]
Hardening MySQL, FOSDEM 2013 – Improving MySQL security
+3 Vote Up -0Vote Down

If for any reason you couldn’t attend my talk at FOSDEM earlier today on improving MySQL security, I have already uploaded the slides. You can download them from here.

Unbreakable MySQL?
+13 Vote Up -8Vote Down

I’m getting more and more concerned about the current Oracle approach to MySQL security. And the fact that I was solely responsible for the security@mysql.com for about ten years, doesn’t make it easier, on the contrary, it only emphasizes changes in the attitude.

Starting from the obvious — somewhat slower response to critical bug fixes, which can be expected, Oracle is a big company, right? Very little information about security vulnerabilities is disclosed, CPUs are carefully stripped from anything that might help to understand the problem, it takes …

  [Read more...]
Avoid clear text passwords in MySQL logging.
+3 Vote Up -0Vote Down

What happens when you use the PASSWORD() function to insert a password hash into a table?

  • The hash will be written to the table
  • The password might be written in clear text to the binlog
  • The password might be written in clear text to the general log
  • The password might be written in clear text to the slow query log

The query

mysql [localhost] {msandbox} (test) > INSERT INTO testpwd(pwd) VALUES(PASSWORD('secret_password'));
Query OK, 1 row affected (0.00 sec)


The General log

130128 16:04:41     1 Query …






  [Read more...]
Fatal Half-measures in Incident Response
+1 Vote Up -1Vote Down

CSO Online writes about a rather sad list of security breaches at http://www.csoonline.com/article/721151/fatal-half-measures-in-incident-response, and the half-hearted approach companies take in dealing with the security on their networks and websites.

What I find most embarrassing is that it appears (judging by the actions) that many companies have their lawyers do some kind of borked risk assessment , and decide that they can just leave things as-is and yell foul when there’s a breach. After all, particularly in the US …

  [Read more...]
Achieve the Highest Levels of MySQL Scalability, Security & Uptime
Employee_Team +2 Vote Up -0Vote Down

Oracle's MySQL Enterprise Edition includes the most comprehensive set of advanced features, management tools and technical support to help you reduce the cost, risk & time to deploy and manage your MySQL applications.

Access our Resource Kit to discover:

  • How to boost scalability by 20x with MySQL Enterprise Scalability
  • How to …
  [Read more...]
MySQL security tasks easily solved with common_schema
+1 Vote Up -0Vote Down

Here are three security tasks I handled, which I'm happy to say were easily solved with common_schema's views and routines (with no prior planning). Two are so easy, that I actually now integrated them into common_schema 1.3:

  • Duplicate a user (create new user with same privileges as another's)
  • Find users with identical set of grants (same roles)
  • Finding redundant users (users who only have privileges on non-existing objects); I was approached on this by Sheeri K. Cabral from …
  [Read more...]
common_schema: 1.3: security goodies, parameterized split(), json-to-xml, query checksum
+1 Vote Up -0Vote Down

common_schema 1.3 is released and is available for download. New and noteworthy in this version:

  • Parameterized split(): take further control over huge transactions by breaking them down into smaller chunks, now manually tunable if needed
  [Read more...]
Using a password is insecure, but no password is OK?
+4 Vote Up -0Vote Down

I have been preaching since 2003 that the default deployment of MySQL (where root can access without password) should be changed to something more sicure.

Yet, MySQL 5.6 still uses the same defaults.

$ mysql --no-defaults -u root --port=5000 -h 127.0.0.1
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.9-rc MySQL Community Server (GPL)

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their …











  [Read more...]
10 Newer Entries Showing entries 61 to 70 of 267 10 Older Entries

Planet MySQL © 1995, 2015, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.