Don’t share the root user password or access to the mysql.user table with anyone until you fully trust them. The encrypted password stored there is effectively the real password in MySQL: anyone who knows it can easily log in as any user, provided they have access to that user’s host. Check with the “mysql -uroot” command; if you …
In this primer I will show how to improve the security of your MariaDB installation by using two-step verification and how to use it from your Windows GUI client.
Let’s suppose you have your data in MariaDB, installed, say, on Ubuntu, and your users connect to it to run ad hoc queries using some sort of Windows GUI client. You don’t want them to write the access password on post-it notes or have it auto-entered by the client. And you don’t want anyone to see the password when one of the salespersons connects to the mother ship from his laptop in an Internet café. So you decide to use two-step verification, just like Google does, to secure access to the data.
If you don’t know what a “two-step verification” is, see, for example, this introductory video by Google.
So, 2-step verification looks great, but how …
For a work project, I wrote a library in Perl that can be used to query the NVD feed that NIST publishes here:
http://nvd.nist.gov/download.cfm
Here’s a snippet from the perldoc:
    use strict;
    use warnings;
    use NIST::NVD::Query;

    # use convert_nvdcve to generate these files from the XML dumps at
    # http://nvd.nist.gov/download.cfm
    my ( $path_to_db, $path_to_idx_cpe ) = @ARGV;

    my $q = NIST::NVD::Query->new(
        database => $path_to_db,
        idx_cpe  => $path_to_idx_cpe,
    );

    # Given a Common Platform Enumeration urn, returns a list of known
    # CVE IDs
    my $cve_id_list = $q->cve_for_cpe( cpe => 'cpe:/a:zaal:tgt:1.0.6' );

    my @entry;
    foreach my $cve_id ( @$cve_id_list ) {
        # Given a CVE ID, returns a CVE entry
        my $entry = $q->cve( cve_id => $cve_id );
        push @entry, $entry;
    }
Percona just released their MySQL PAM authentication insanity, just as Oracle did before for MySQL 5.5, and MariaDB is no better.
The Oracle module requires a module to be loaded into your client, which is done automatically if the module is present and the server supports PAM auth. The module is called, ominously, "mysql_clear_password" and does what it says on the tin: your database server access password is henceforth sent from the client to the server in the clear, not encrypted, hashed, salted or otherwise protected.
I suppose the Percona module does the same, although it is not mentioned in the docs at all (or at least I have not …
This week we have a big announcement about Sarah, 3 hosts and an extra special guest.
News
Call for papers for Percona Live: MySQL Conference & Expo 2012 is open until Monday, December 5th. The MySQL Conference & Expo is Tuesday April 10 - Thursday, April 12, 2012 in Santa Clara, CA.
To submit a paper, first register as a speaker at http://www.percona.com/live/mysql-conference-2012/user/register and then go to My Account -> Submit Proposal.
Main content
Previous podcasts about securing MySQL
Linux, Apache, MySQL and PHP — altogether they mean LAMP. I’m not talking about watts and bulbs.
And if your desire is for a comprehensive, robust server, your IT infrastructure has to include all of these systems.
Monitis has put together a checklist of 101 actions you can take to maximize security around LAMP. Hopefully we’re shedding a little light around this issue for you to give you some new ideas on how to make administering your system easier — so that, in turn, you can focus on more strategic tasks. You …
With the recent cyber attacks and data breaches at large organizations including Sony, is your MySQL data safe? What are the best practices for securing and administering your MySQL environment? In this presentation we will cover the essential steps for better MySQL security. We will also cover the different installation and administration tasks necessary to ensure your data is managed.
Presenter: Ronald Bradford
Schedule: Insight Out DB Showcase. October 2011 …
We go over the open calls for papers, upcoming conferences, conversations with Oracle, and finish up our 2-part series on MySQL security.
Calls for papers:
Call for papers for Percona Live: MySQL Conference & Expo 2012 is open! They opened it on Friday, September 15th and the call will close on Monday, December 5th. The MySQL Conference & Expo is Tuesday April 10 - Thursday, April 12, 2012 in Santa Clara, CA.
To submit a paper, first register as a speaker at http://www.percona.com/live/mysql-conference-2012/user/register and then go to My Account -> Submit Proposal.
News/Feedback
Collaborate Call for papers is open until Sunday October 14th - http://events.ioug.org/p/cm/ld/fid=15
Collaborate is an Oracle Technology and Applications conference put on by IOUG, OAUG and Quest. It is the largest independent Oracle conference, and we are planning on having a one-day track there. Collaborate is at the Mandalay Bay Convention Center in Las Vegas, Nevada from Sunday April 22nd - Thursday 26th, 2012.
Call for papers for Percona Live: MySQL Conference & Expo 2012 is open! They opened it on Friday, September 15th and the call will close on Monday, December 5th. The MySQL Conference & Expo is Tuesday April 10 - Thursday, October 12, 2012 in Santa Clara, CA.
As per armorize.com, MySQL.com was hacked and was, quote, “infecting visitors with malware” .. true or false? …
More reading at krebsonsecurity.com too.