Just a small note to advise that Securich reached 0.1.4.
Some new tools include:
* Added Password complexity
* Enhanced `set_password` – Old password is now necessary to replace it by a new one
* Enhanced Revoke privileges to accept regexp
* Added Block user@hostname on a database level
* Added Creation of reserved usernames
* Added Help stored procedure displays help for each stored proc
* Enhanced `create_update_role` to include the removal of privilages from roles
* Enhanced `grant_priveleges` on `alltables` for a database without tables would terminate with an error instead of gracefully (now fixed)
* Added Restore user@hostname on a database level
* Removed ’show warnings’ from sql installation

The database design using workbench is also available in the db folder (for easier understanding of what lies …

1. Defragging the Stimulus -- each [recovery] site has its own silo of data, and no site is complete. What we need is a unified point of access to all sources of information: firsthand reports from Recovery.gov and state portals, commentary from StimulusWatch and MetaCarta, and more. Suggests that Recovery.gov should be the hub for this presently-decentralised pile of recovery data.
2. Memetracker -- site accompanying the research written up by the New York Times as Researchers at Cornell, using powerful computers and clever algorithms, studied the news cycle by looking for repeated phrases and tracking their appearances on 1.6 million …

A couple of  weeks ago I got an unhappy email from my web hosting provider telling me I was in violation of their Terms of Service. Of course I called them immediately and was told that there was a “phishing page” hidden in one of my web directories. My blog had been hacked, so I immediately started doing some house cleaning.

After the initial once over and deletion of any suspicious files I went looking for advice on how to “harden my installation”. Here’s what I found:

• Wordpress.org Codex Hardening Wordpress - Lots of good information here on hardening Wordpress including a general overview of Wordpress security considerations.
• …

This blog post was inspired by a recent report of a Database Analyst at American Express stealing Credit Card data.

It’s amazing how many companies still follow a mainly “perimeter security” approach when it comes to controlling access to sensitive information—their focus is on network security using firewalls, advanced authentication options, and so on. Even with such measures, it’s very common to setup strong barriers to the outside world but very little by way of internal limits; most internal people have some level of access to servers that store and process sensitive data.

Well, there’s nothing wrong with pre-screening your stuff, or having access to the sensitive information, or setting up advanced …

I would like to start off by excusing myself for having had a broken link on http://www.securich.com/downloads.html when I published the latest blog post about Securich.

The tool is downloadable from there and anyone can use it for free in accordance to GPLv2.

I wanted to throw out tutorial about how to install it and use it (Note this tutorial is for version securich version 0.1.2):

This is sort of a self-documenting post, and a self-support group about ill-behaved tomcat apps. Sometimes, you have multiple nodes accesing your MySQL server (or any kind of server, for that matter) concurrently. Eventually, software in one or more of these nodes might do nasty things (you know who you are buddy:)) MySQL provides a … Continue reading iptables trick to limit concurrent tcp connections →

Related posts:

1. Using MySQL Proxy to benchmark query performance By transparently sitting between client and server on each request,...

YARPP powered by AdBistroPowered by

This is the 150th edition of Log Buffer, the weekly review of database blogs. Someone accidentally left Dave Edwards‘ cage unlocked, and he escaped, thus leaving me with the pleasurable duty of compiling the 150th weekly Log Buffer.

Many people other than Dave are finding release this week. Giuseppe Maxia explains some details of MySQL’s New Release Model. Andrew Morgan announces a New MySQL Cluster Maintenance Release. Aleksandr Kuzminsky of the MySQL Performance …

Lately there has been quite some talk about security on MySQL, and I've decided to GPL a package I wrote, implmenting Roles on MySQL. This technology has been available on other databases for quite some time, but hasn't quite yet made it to MySQL's feature list and apart from this tool, the only solution I know of is google's patches for MySQL 5.0.

Lenz Grimmer recently wrote two blogs about password security on MySQL. Both are worth reading in detail. You’ll find them in Basic MySQL Security: Providing passwords on the command line and More on MySQL password security.

Although I wrote a comment on the latter one, there is one point I thought was worth its own blog.

GRANT … IDENTIFIED BY PASSWORD…

You can work around having to specify the password in the open following these steps:

1. Use a local or non-public instance (for example using MySQL Sandbox) to define the user / password combination you need:

   CREATE USER 'name'@'host' IDENTIFIED BY 'secret';

2. Use SHOW GRANTS to …

My last post about Basic MySQL Security generated a number of interesting comments, thanks for all your feedback! I'd like to address a few points that were mentioned there:

While the problem seems to be a non-issue on Linux, Keith Murphy stated that the password might still be visible on other Unix operating systems (e.g. Solaris), as described in Bug#11952 in our bug database. According to the bug report, it depends on the implementation of "ps" — there seems to be a BSD variant (/usr/ucb/ps) as well as a SysV implementation (/usr/bin/ps).

…