Showing entries 41 to 50
« 10 Newer Entries
Displaying posts with tag: authentication (reset)
Tech Webinar: Security for Web Application

Wednesday January 27th, Join the Sun Startup Essentials Webinar on  Security for Web Applications.

A key success factor for Web startups is to protect their applications and data from different security threats. Join this webinar to learn about security challenges and about key solutions such as encryption, authentication, certificates, secure and fault-tolerant storage, chrooted environments. The Sun Startup Essentials experts will also cover how to implement these solutions at minimal cost by using standard and open components such as Apache, MySQL, ZFS and more.

Registration limited to members of the Sun Startup Essentials program.

Your company is less than 6 year and  150 employee: Join Sun Startup Essentials >>

Tech Webinar: Security for Web Application

Wednesday January 27th, Join the Sun Startup Essentials Webinar on  Security for Web Applications.

A key success factor for Web startups is to protect their applications and data from different security threats. Join this webinar to learn about security challenges and about key solutions such as encryption, authentication, certificates, secure and fault-tolerant storage, chrooted environments. The Sun Startup Essentials experts will also cover how to implement these solutions at minimal cost by using standard and open components such as Apache, MySQL, ZFS and more.

Registration limited to members of the Sun Startup Essentials program.

Your company is less than 6 year and  150 employee: Join Sun Startup Essentials >>

Tech Webinar: Security for Web Application

Wednesday January 27th, Join the Sun Startup Essentials Webinar on  Security for Web Applications.

A key success factor for Web startups is to protect their applications and data from different security threats. Join this webinar to learn about security challenges and about key solutions such as encryption, authentication, certificates, secure and fault-tolerant storage, chrooted environments. The Sun Startup Essentials experts will also cover how to implement these solutions at minimal cost by using standard and open components such as Apache, MySQL, ZFS and more.

Registration limited to members of the Sun Startup Essentials program.

Your company is less than 6 year and  150 employee: Join Sun Startup Essentials >>

MySQL anonymous accounts – User=”, Host=’%’ – CODE RED

I want to highlight the importance of reviewing mysql’s initial set of accounts.
Say you have a mysql on abc.def.ghi.jkl running on port 3306 anonymous account with privileges without a password, then:
1. mysql (if issued on localhost)
2. mysql -h abc.def.ghi.jkl
3. mysql -u ” -h abc.def.ghi.jkl
4. mysql -u ” -h abc.def.ghi.jkl -P 3306
5. mysql -u user_which_does_not_exist -h abc.def.ghi.jkl

will all manage to get into mysql given the way mysql authenticates users is against your username and client host from where you are connecting.

This verification is done versus the following columns in the mysql.user table, i.e., User,Host and Password columns.
An entry in the mysql.user table with the following values User=”, Host=’%’ will accept ANY user connecting from ANYWHERE in the world, thus disabling ANY security. Hence the reason for this blog post highlighting the importance …

[Read more]
’strings’ to the rescue

A broken VIEW was caused by the view’s definer being non-existent. In this particular system, backups are done by replicating all the machines (production, development, test, etc) to one server and doing cold physical backups off that server, which currently has 12 instances running.

So in order to find on what machine the user might still be defined, I went to the backup server. All the data directories are in one path, ie:

instance 1 has a datadir of /data/mysql/instance1
instance 2 has a datadir of /data/mysql/instance2

Now, the unix tool strings can be used against many types of files. In particular, though, you can use strings on the mysql/user.MYD file to see the username, host, and password hash. (note that strings only shows strings longer than 3 characters, so if your host or username is 3 characters or less, it will not show up in the output of strings. You …

[Read more]
MySQL Proxy: Roles

On the MySQL Proxy channel we get questions from time to time if the authentication can be intercepted and replaced data from a external source.

From now on, you can. For example if you want to get data from a external source (like LDAP) or want to implement roles.

Mapping Accounts to “Roles”

There isn’t much needed to implement Roles for MySQL with the help of the MySQL Proxy.

  • mysql.user doesn’t contain users, but roles instead
  • the proxy maps user-accounts to role-accounts with a script like above

It works like this:

  1. login to the proxy

     $ mysql --user=jan --password=secret --port=4040
    
  2. proxy looks up username password, finds a role for him

  3. proxy replaces credentials ad hoc

  4. mysql-server …

[Read more]
MEM and HTTP Proxy Not Compatible

A bug in libcurl affects how the heartbeat function of MySQL Enterprise Monitor works by sending it to an external website, often www.agent.com.

MEM and HTTP Proxy Not Compatible

A bug in libcurl affects how the heartbeat function of MySQL Enterprise Monitor works by sending it to an external website, often www.agent.com.

MEM and HTTP Proxy Not Compatible

A bug in libcurl affects how the heartbeat function of MySQL Enterprise Monitor works by sending it to an external website, often www.agent.com.

Generate a GnuPG key

to generate a gpg key, run the following:

gpg --gen-key

when that completes, run

gpg --list-keys

for instance, to get the key information from my pub key, I run:

$ gpg --list-keys cjcollier@mysql.com
pub 1024D/6CC27EA8 2001-04-27
uid C.J. Collier
uid C.J. Collier
uid C.J. Collier
uid [jpeg image of size 9187]

After you generate it, you should publish your public key:

gpg --keyserver pgp.mit.edu --send-keys

mine looks like this:

$ gpg --keyserver pgp.mit.edu --send-keys 6CC27EA8
gpg: sending key 6CC27EA8 to hkp server pgp.mit.edu

You can get my GnuPG key with the following command:

$ gpg --keyserver pgp.mit.edu --recv-keys 6CC27EA8

Let me know what your ID is when you complete this. When I see you
next, I'll sign your …

[Read more]
Showing entries 41 to 50
« 10 Newer Entries