With the recent cyber attacks and breaches with data from large organizations including Sony, is your MySQL data safe? What are the best practices for securing and administering your MySQL environment? In this presentation we will cover the essential steps for better MySQL security. We will also cover the different installation and administration tasks necessary to ensure your data is managed.
Presenter: Ronald Bradford
Schedule: Insight Out DB Showcase. October 2011 …
We go over the open calls for papers, upcoming conferences, conversations with Oracle, and finish up our 2-part series on MySQL security.
Calls for papers:
Call for papers for Percona Live: MySQL Conference & Expo
2012 is open! They opened it on Friday, September 15th and the
call will close on Monday, December 5th. The MySQL Conference
& Expo is Tuesday April 10 - Thursday, April 12, 2012 in
Santa Clara, CA.
To submit a paper, first register as a speaker at http://www.percona.com/live/mysql-conference-2012/user/register and then go to My Account -> Submit Proposal.
News/Feedback
Collaborate Call for papers is open until Sunday October 14th -
http://events.ioug.org/p/cm/ld/fid=15
Collaborate is an Oracle Technology and Applications conference
put on by IOUG, OAUG and Quest. It is the largest independent
Oracle conference, and we are planning on having a one-day track
there. Collaborate is at the Mandalay Bay Convention Center in
Las Vegas, Nevada from Sunday April 22nd - Thursday 26th, 2012.
Call for papers for Percona Live: MySQL Conference & Expo 2012 is open! They opened it on Friday, September 15th and the call will close on Monday, December 5th. The MySQL Conference & Expo is Tuesday April 10 - Thursday, October 12, 2012 in Santa Clara, CA.
As per amorize.com MySQL.com was hacked and quote “infecting visitors with malware” .. true or false? …
More reading at krebsonsecurity.com too.
I'm looking forward to the upcoming Message Systems User Conference next month in San Francisco, not only for what looks like an excellent venue, but for the great set of quality sessions on the agenda.
There's a number of sessions I'm looking forward to attending, but I'd like to invite you to attend the sessions I'll be delivering next month (read to the end to save on conference admission):
What the Convergence of Data Security & Privacy Concerns Will Mean to Companies
The barrage of news stories about data breaches and privacy violations is taking a toll on consumer confidence.
What You'll Learn:
MySQL 5.5 GA and MySQL 5.6 Development Milestone Releases have
delivered many new compelling features to the MySQL users and
community for testing, feedback and use.
In addition, commercial customers have access to a number of
commercial extensions already included in MySQL
Enterprise Edition:
• MySQL Enterprise Monitor
• MySQL Enterprise Backup
Continuing the business model of MySQL, we are adding three new
commercial extensions to MySQL Enterprise Edition:
MySQL 5.5 GA and MySQL 5.6 Development Milestone Releases have
delivered many new compelling features to the MySQL users and
community for testing, feedback and use.
In addition, commercial customers have access to a number of
commercial extensions already included in MySQL
Enterprise Edition:
• MySQL Enterprise Monitor
• MySQL Enterprise Backup
Continuing the business model of MySQL, we are adding three new
commercial extensions to MySQL Enterprise Edition:
OSCon Data and OSCon videos
The Technocation youtube playlist, as of the time of this
publishing has 18 videos, mostly from OSCon Data, is at http://www.youtube.com/playlist?list=PLE0AEC3980A198DA0
The O'Reilly YouTube playlist, as of the time of this publishing has 84 videos, from OSCon, OSCon Data and OScon Java, is at http://www.youtube.com/playlist?list=93FC98105B19725C
Note: There are no overlaps in the playlists, so that's over 100 videos from the week so far!
XKCD (as usual) makes a very good point – this time about password strength, and I reckon it’s something app developers need to consider urgently. Geeks can debate the exact amount of entropy, but that’s not really the issue: insisting on mixed upper/lower and/or non-alpha and/or numerical components to a user password does not really improve security, and definitely makes life more difficult for users.
So basically, the functions that do a “is this a strong password” should seriously reconsider their approach, particularly if they’re used to have the app decide whether to accept the password as “good enough” at all.
Update: Jeff Preshing has written an xkcd password generator. Users probably should choose their own four …
[Read more]
This is a response on MySQL security: inconsistencies and Less known facts about MySQL user
grants.
As far as I know the privilege to grant PROXY privileges is also
not very well understood. I blogged about that some time ago.
In addion to the already highlighted issues with GRANT
replication and grants can very well create an unwanted
situation:
master> SHOW GRANTS FOR 'user'@'host'\G[Read more]
*************************** 1. row ***************************
Grants for user@host: GRANT USAGE ON *.* TO 'user'@'host' IDENTIFIED BY PASSWORD …