MySQL 8.0.19 introduced the ability to lock an account on a MySQL
instance after too many failed logins. This is not turned
on by default, the locking period is measured in days (more
below), and I would urge caution as not to 'denial of service'
yourself out of your server.
Syntax CREATE USER 'foobar'@'localhost'
IDENTIFIED by 'password'
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_LOCK_TIME 2;
DataAnd if you look at the mysql.user entry you will
see
User_attributes: {"Password_locking":
{"failed_login_attempts": 3,
"password_lock_time_days": 2}}
Example$mysql -u foobar -p
Enter password:
ERROR 1045 (28000): Access denied for user 'foobar'@'localhost'
(using password: YES)
$ mysql -u foobar -p
Enter password:
ERROR 1045 (28000): Access denied for user 'foobar'@'localhost'
(using password: …
For an encrypt only or decrypt/encrypt applications
The following is an example of how to allow applications to asymmetrically encrypt data using a public key. In MySQL 8.0.19 support for the SECRET datatype was added to our Keyring technology. With this technology, users can securely manage their own keys using:
Oasis KMIP protocol implementations:
[Read more]While testing in an orchestrator lab I saw that none of my Orchestrator on-raft nodes were coming online after a reboot.
This is the status report from SystemD.
$ sudo systemctl status orchestrator
* orchestrator.service - orchestrator: MySQL replication management and visualization
Loaded: loaded (/etc/systemd/system/orchestrator.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2020-04-03 09:30:05 UTC; 30s ago
Docs: https://github.com/github/orchestrator
Main PID: 957 (code=exited, status=1/FAILURE)
Apr 03 09:30:05 orchestrator-1 systemd[1]: Started orchestrator: MySQL replication management and visualization.
Apr 03 09:30:05 orchestrator-1 orchestrator[957]: 2020-04-03 09:30:05 ERROR dial tcp 127.0.0.1:3306: connect: connection refused
Apr 03 09:30:05 orchestrator-1 orchestrator[957]: 2020-04-03 09:30:05 FATAL dial tcp 127.0.0.1:3306: connect: connection refused
Apr 03 09:30:05 orchestrator-1 systemd[1]: …[Read more]
MySQL has the inbuilt query rewritten plugin for rewrite the SQL statements which received by the server before execute them .
- Before MySQL 8.0.12 , the query rewritten plugin only supports for SELECT’s
- From MySQL 8.0.12 , the query rewritten plugin will supports for INSERT , REPLACE, UPDATE, DELETE , SELECT .
One of our customer had the performance issue with the DELETE statements for particular table . The issue was happened after the new code deployment . In this blog, I am going to explain the implementation of the MySQL query rewrite plugin and how we overcome the issue using the MySQL query rewritten plugin .
MySQL Query rewritten plugin Implementation :
MySQL provides two SQL files for the installation / Uninstallation purpose . The files will be located under the directory “lc_messages_dir”
- The …
This is a three-part blog series. Part two is located here, and part three can be found here.
There was no reason to plan for it, but the load on your system increased 100%, 300%, 500%, and your MySQL database has to support it. This is a reality many online systems have to deal with these days. This series focuses on dealing with the unexpected high traffic event as it is happening.
There are also a lot of things you can do proactively, which we covered in “Prepare Your Databases for High Traffic on …
[Read more]We recently released an experimental version of percona-dbaas command-line tool with the goal of significantly simplifying the deployment of database instances in Kubernetes.
We have Kubernetes Operators for Percona XtraDB Cluster and Percona Server for MongoDB, which provide great flexibility, but they also come with the complexity of managing configuration and deployment files, so we wanted to make it even simpler to deploy database instances. We found it hard enough to get a MySQL instance up and running in Kubernetes, and then a whole different process to get MongoDB up, and we thought it should be a unified set of commands. This is how the percona-dbaas CLI tool was born. You can get more information on installation of the percona-dbaas-cli tool and in this …
[Read more]In this blog post, we talk about the basic function and features of the Tungsten Connector.
The Tungsten Connector is an intelligent MySQL proxy that provides key high-availability and read-scaling features. This includes the ability to route MySQL queries by inspecting them in-flight.
Connector Basics Understanding the Two Key Features
The most important function of the Connector is failover handling. When the cluster detects a failed master because the MySQL server port is no longer reachable, the Connectors are signaled and traffic is re-routed to the newly-elected Master node.
Next is the ability to route MySQL read-only queries to a slave (or the master, if no slave is …
[Read more]The Tungsten Connector is an intelligent MySQL proxy that provides key high-availability and read-scaling features. This includes the ability to route MySQL queries by inspecting them in-flight.
Tags: Clustering Connector Continuent MySQL
In this blog, we will test a new security feature added in ProxySQL 2.0.9. Since a time ago, we have had the ability to block queries using mysql_query_rules table matching a group of queries using reg exp like a blacklist. Check out a previous blog for how to config “ProxySQL Firewalling” using the mysql_query_rules table.
You can improve a whitelist using the mysql_query_rules table, but it is difficult if you have hundreds of queries.
ProxySQL 2.0.9 introduces two new tables for the firewall whitelist algorithm:
Admin> SELECT name AS tables FROM main.sqlite_master WHERE type='table' AND name IN ('mysql_firewall_whitelist_rules','mysql_firewall_whitelist_users') ORDER BY name;
+--------------------------------+
| tables | …[Read more]
My previous post related on how to install WordPress on Oracle Cloud seemed to be very popular. To continue the exploration of OCI, today we will install Drupal.
This time, even if it’s possible to use the Free Trier like in the WordPress post, I will use a pay account to have the possibility to split the Web Server and the Database into two different subnets. Both instances will have their own subnet and only the Webserver will be reachable directly from the Internet. MySQL will be installed on a private subnet that could reach Internet only via a NAT gateway.
This is an overview of the proposed architecture:
At the end of the blog you will also be able to see this process in video.
…
[Read more]