MySQL 5.7 aims to be the most secure MySQL Server release ever, and that means some significant changes in SSL/TLS.  This post aims to tie together individual enhancements introduced over the span of several Development Milestone Releases (DMRs) into the larger initiative.  In the simplest terms, we hope to have a minimal TLS configuration enabled by default, and for connections to prefer TLS by default.  Let’s dig into the various aspects of this:

Generation of TLS key material

MySQL Server has long supported TLS connections, yet very few deployments are actually configured to leverage this.  This is partly because creation of key material – the certificates and keys needed to establish TLS connections – is a multi-step, extra, manual process.  Basic TLS concepts have to be understood, third-party software …

When storing XML documents in a BLOB or TEXT column there was no way to create indexes on individual XML elements or attributes. With the new auto generated columns in MySQL 5.7 (1st Release Candidate available now!) this has changed! Let me give you an example. Let's work on the following table:

 mysql> SELECT * FROM country\G  
 *************************** 1. row ***************************  
 docid: 1  
  doc: <country>  
     <name>Germany</name>  
     <population>82164700</population>  
     <surface>357022.00</surface>  
     <city name="Berlin"><population></population></city>  
     <city …

Prior to MySQL 5.7, the CREATE USER command had a number of limitations:

• No way to set both authentication plugin and password
• No way to disable a user
• No way to define user resource limitations
• No way to set a non-default password expiration policy
• No way to require SSL/x509

All of these things could be done through other means, but typically involved other statements, such as GRANT commands.  Starting with MySQL 5.7.6, these can all be done through a new and improved CREATE USER syntax:

Passwords and authentication plugin

The most important aspect to me, from a security perspective, is the ability to now create user accounts with non-default authentication plugins (like sha256_password) and a non-blank password:

mysql> CREATE USER new@localhost
-> IDENTIFIED WITH sha256_password …

Auditing maybe the main part of a corporate structure that wants to know everything.
Searching for MySQL auditing plugins we come up to 3 known plugins:

1. MySQL Enterprise Audit (Official one from Oracle) – commercial

2. MariaDB audit plugin for MySQL (version 1.1.6) – free

3. McAfee MySQL audit  plugin – free

With a great happiness tried to test this plugins.

But wait i don’t want to crash my MySQL just want to install and use these plugins.
Let’s begin with MariaDB audit plugin for MySQL — at this time the latest version is 1.1.6
With a great effort in SkySQL site they provide us with a tutorial of how to activate this plugin. Check it: SkySQL Tutorial about Plugin

Followed all instructions from tutorial and got a …

#DBHangOps 04/14/15 -- Come Visit DBHangOps at Percona Live 2015!

Are you going to the Percona Live MySQL Conference and Expo 2015 this year? If so, mark your calendars for the #DBHangOps In Real Life Birds of Feather session!

We'll be meeting in Room 203 on Tuesday, April 14th, 2015 at 6:00pm pacific. Definitely pop by for an in-person meet and greet with some of the awesome folks that participate in our bi-weekly conversations and feel free to bring questions or your own experiences working with databases and MySQL!

Once more:
* What -- #DBHangOps In Real Life
* Where -- Room 203
* When -- Tuesday, April 14th, 2015 at 6:00pm …

MySQL has provided support for proxy users since version 5.5, but the roles-like capabilities offered have been largely unnoticed until recently.  Part of that has been due to limitations on which types of accounts could leverage proxy user capabilities.  This changes with the release of MySQL Server 5.7.7 (Release Candidate), which includes support for proxy user mapping for the standard mysql_native_password and sha256_password authentication plugins.  This post will introduce the new functionality and explain how to leverage it to emulate certain features …

The MySQL Development team is very happy to announce that MySQL 5.7.7, the first 5.7 Release Candidate (RC1), is now available for download at dev.mysql.com (use the “Development Releases” tab). You can find the full list of changes and bug fixes in the 5.7.7 release notes. Here are some highlights. Enjoy!

SYS Schema

Include SYS Schema in MySQL 5.7 (WL#8159) — This work by Mark Leith integrates the SYS Schema (formerly ps_helper) within the MySQL Server by default. The MySQL SYS schema project has …

A week from today I am speaking at Percona Live: MySQL Conference and Expo 2015.

Here is my talk:

• Assembling the perfect MySQL toolbox

My talk is for anyone who wants to make their life easier using MySQL tools. Rather than doing a deep dive on one or two tools, I will describe the methodology we've used at Flite to successfully integrate many different MySQL tools into our day-to-day workflow. The talk will take place Wednesday, April 15 at 3:30 PM in Ballroom E.

I most recently gave this talk at the San Francisco MySQL Meetup in February. If you are interested in my talk but won't be at Percona Live, you can find the video …

Dealing with the failure of a MySQL master is not simple.  The most common solution is to promote a slave as the new master but in an environment where you have many slaves, the asynchronous implementation of replication gets in your way.  The problem is that each slave might be in a different state:

some could be very close to the dead master, some could be missing the latest transactions, and

Last week, we introduced VividCortex support for Redis. One of the reasons we expanded our product capabilities is because of our own use of Redis. According to Baron, “We rely on Redis to help analyze the massive amounts of time-series data we receive from agents running on customer systems.” Let’s go a little deeper…

VividCortex keeps tables with all the known metrics and queries for many hosts measured at 1-second granularity. We use Redis to avoid repeating the “insert on duplicate update” into the metric/query tables. We are able to do this by keeping hourly buckets of seen queries and metrics. When a batch of metrics/queries arrive, before insert/updating them in the mysql tables, we check that we haven’t …