Passwords lists abound on the net. They exist to: Get a laugh out of silly passwords… 123456 anyone? Develop a dictionary file to check user passwords either for validation or cracking. From MySQL 5.6 the validate_password plugin has been available. … Continue reading →

In the second part of this series of DBA security tasks, we will continue to look at fixing mysql db users with an insecure setup. These are not tips that you read with your morning coffee and then forget about, … Continue reading →

MinervaDB Webinar – MySQL Backup Strategies and Tools 

Most often Database Systems outages happen due to user error and it is also the biggest reason for data loss / damage or corruption. In these type of failures, It is application modifying or destroying the data on its own or through a user choice. Hardware failure also contributes to database infrastructure crashes and corruption. To address these sort of data reliability issues, you must recover and restore to the point in time before the corruption occurred. Disaster Recover tools returns the data to its original state at the cost of any other changes that were being made to the data since the point the corruption took place. MinervaDB founder and Principal, hosted a webinar (Thursday, June 18, 2020 – 06:00 PM to 07:00 PM PDT) on MySQL backup strategies and tools addressing the topics below:

• Proactive MySQL DR – From strategy to execution
…

A long long time ago (in a galaxy far away… cue the music!) MySQL added support for an authentication plugin which is now known as mysql_native_password. The mysql_native_password plugin uses SHA1 hash to

• Store the password(SHA1(SHA1(password)) in mysql.user table
• Authenticate user

One of the good traits of this plugin is that it allows authentication using …

The RED Method (Rate, Errors, Duration) is one of the more popular performance monitoring approaches.  It is often applied to Monitoring Microservices though there is nothing that prevents it from being applied to databases like MySQL.

In Percona Monitoring and Management (PMM) v2 we have all the required information stored in the ClickHouse database, and with the built-in ClickHouse datasource it is a matter of creating a dashboard to visualize the data.

While I was editing the dashboard, I added a few other panels, beyond what RED Method requires, in order to show some of the cool things you can do with Grafana + ClickHouse data source and …

If you write MySQL queries, at some point you are going to have to provide query results in a specific order. To impose any ordering in MySQL (this applies to SQL overall and is not directed only at MySQL), you have to use the ORDER BY clause. Without it, there is no guaranteed order. The database is free to send back query results in any order. As I learn PHP, I make it a point to explore both the MySQL side, along with the PHP side in regards to similar type tasks and the efficiency of each. So far in my PHP journey, I have found that arrays are used quite extensively. In this post, I’ll cover array_multisort() – one of many in-built PHP functions – used for sorting arrays. In the context of the example data for this post, the arrays are populated by an unordered MySQL query. Let’s see one example of how you can establish a sorting order in a PHP …

Join Peter Zaitsev, CEO at Percona, as he discusses database challenges and the concepts of open source and open core. Over the years, open source companies have tried to bring products to market and maximize their revenue streams.  To date, the most popular open source business model remains “Open Core”.  But is open core software still open source?  Or is it a freemium model designed to separate you from your money?  Not all companies follow the same processes, ethics, and rules when building and launching open source products.  Let’s talk about how the open core bait and switch works for many companies in the open source space.

Join this webinar to learn more about:

– Open Source and Open core distinction
– Free enterprise-class community versions alternatives
– Use-cases that successfully moved away from vendor lock-in

Please join Peter …

In most cases, MySQL password instructions provide information on changing MySQL user passwords on the production system (e.g., reset root password without restart). It is even recommended to change passwords regularly for security reasons. But still, sometimes DBA duties on legacy systems offer surprises and you need to recover the original password for some old users.

There is no magic: as long as only hashes are stored and not the original passwords, the only way to recover the lost password is to brute force it from the known hash.

Note on Security and mysql-unsha1 Attack

Interestingly, if a hacker has access to password hash and can sniff mysql traffic, he doesn’t need to recover a plain text password from it. It doesn’t matter how strong the password and how strong the hashing …

MySQL Backup and Disaster Recovery Webinar (Thursday, June 18, 2020 – 06:00 PM to 07:00 PM PDT)

There can be several reasons for a MySQL database outage: hardware failure, power outage, human error, natural disaster etc. We may not be able prevent all the disaster from happening but investing on a robust disaster recovery plan is very important for building fault-tolerant database infrastructure operations on MySQL.  Every MySQL DBA is accountable for developing a disaster recovery plan addressing data sensitivity, data loss tolerance and data security. Join Shiv Iyer, Founder and Principal of MinervaDB to lean about the best practices for building highly reliable MySQL DR strategy and operations on Thursday, June 18, 2020 – 06:00 PM to 07:00 PM PDT. Building DR for a high traffic MySQL database infrastructure means deep understanding of multiple backup strategies and choosing optimal ones which are best suited for performance …

Day-to-day database operation requires, from an administrator, deep knowledge of db internals and security issues, in particular things like SQL injections. In order to prevent such kind of an attack, we have included go-sql-driver into our code for secure placeholder escaping.

Unfortunately, not all cases are secured by the driver.

In case we are using the standard driver for working with MySQL, if we need to pass a variable to the database query, we use a placeholder “?” in order for the server to understand that it needs to process the incoming variable to avoid injection. It works fine with just regular SELECT/INSERT/UPDATE statements, but, unfortunately, MySQL server is not able to process all types of queries.

For example:

db.Exec("CREATE USER ?@? IDENTIFIED BY ?", name, host, pass)

This query will return an error from the …