Dual-password capability makes it possible to seamlessly perform credential changes without downtime.

The post MySQL Security - Dual Password Support first appeared on dasini.net - Diary of a MySQL expert.

DBA can configure user accounts such that too many consecutive login failures cause temporary account locking.

The post MySQL Security - Failed-Login Tracking and Temporary Account Locking first appeared on dasini.net - Diary of a MySQL expert.

MySQL 8.0 has introduced an optional behavior that authorize users to change their password only if they could provide the current password.

The post MySQL Security - Password Verification-Required Policy first appeared on dasini.net - Diary of a MySQL expert.

MySQL provides password-reuse capability, which allows database administrators to determine the number of unique passwords a user must use before they can use an old password again.

The post MySQL Security - Password Reuse Policy first appeared on dasini.net - Diary of a MySQL expert.

MySQL provides password-expiration capability, which enables database administrators to require that users reset their password.

The post MySQL Security – Password Expiration Policy first appeared on dasini.net - Diary of a MySQL expert.

MySQL has the capability of generating random passwords for user accounts, as an alternative to requiring explicit administrator-specified literal passwords.

The post MySQL Security - Random Password Generation first appeared on dasini.net - Diary of a MySQL expert.

MySQL Enterprise Data Masking and De-Identification hides sensitive information by replacing real values with substitutes in order to protect sensitive data while they are still look real and consistent.

Requirement 6 of PCI DSS v1.2 states that in order to be compliant, an organization must: “Develop and maintain secure systems and applications” “Unscrupulous individuals use security vulnerabilities to gain privileged access to systems. Many of these vulnerabilities are fixed by vendor- provided security patches, which must be installed by the entities that manage the [...]

Requirement 4 of PCI DSS v1.2 states that we must: “Encrypt transmission of cardholder data across open, public networks” Specifically, “Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols can be continued targets of malicious individuals who [...]

Requirement 3 of the PCI DSS v1.2 is: “Protect Stored Cardholder Data” As vague as that sounds, the PCI DSS enumerates exactly what that covers: Data Element Storage Permitted Protection Required PCI DSS Req 3.4 Primary Account Number Yes Yes Yes Cardholder Name* Yes Yes No Service Code* Yes Yes No Expiration Date* Yes Yes [...]