Showing entries 1 to 10 of 16
6 Older Entries »
Displaying posts with tag: Database Administration & Monitoring (reset)
Convert private key generated via OCI Console to ppk

I am pretty new on the Oracle Cloud Infrastructure technology, so maybe I am talking about something you already know. But anyway I prefer to share this case: it can help if you encounter the same problem as me. Let’s take the risk to have too much information rather than nothing!

The problem

I was doing some tests on the new MySQL Database Service and during the setup I decided to generate my ssh keys via the OCI console:

When I tried to connect via PuTTY or MobaXterm to my compute instance using the opc account and my private key (generated previously), I got the following …

[Read more]
Installing MySQL Database Service (MDS)

On a previous blog post, we saw how to create an account on the Oracle OCI using the Oracle Cloud Free Tier offer and then how to instal MySQL Server on the Compute instance.
Some weeks later, the new MySQL Database Service (MDS) was out and I can show you now how to install and configure it.

We are talking about the MySQL 8.0 Enterprise Edition on the on Oracle Generation 2 Cloud Infrastructure. For the moment it’s only available on some of the data regions (Frankfurt and London for the EMEA zone), but normally others will be activated …

[Read more]
Installing MySQL Server on Oracle Cloud Infrastructure Compute

If you are thinking about to move your MySQL databases to the Cloud but you are still reticent, you can maybe use the “Oracle Cloud Free Tier” offer to test it.

Oracle Cloud Free Tier offers you 2 Oracle Autonomous Databases and 2 Oracle Cloud Infrastructure Compute VMs as Always Free services and in addition a 30-day Free Trial with US$300 in free credits.
On these VMs instances (provisioned and managed by Oracle Cloud Infrastructure Compute) you can install your MySQL server. Let’s see how…

Oracle Cloud account creation

Connect to the Oracle Cloud page and fill in your credentials:

[Read more]
Changes that I like in the new MySQL 8.0.21

A new release of MySQL was out on July 13 (8.0.21).
Among all the changes, there are some that I have already tested and that I really appreciate.

Who stopped the MySQL server?

In previous releases, I can already see in the error log file who stopped the MySQL server if this was done through the shutdown statement.
In MySQL 8.0.20:

mysql> shutdown;
Query OK, 0 rows affected (0.00 sec)
mysql> exit;
Bye
# tail -2 /u01/app/mysql/admin/mysqld2/log/mysqld2.err
2020-07-23T20:39:08.049064+02:00 9 [System] [MY-013172] [Server] Received SHUTDOWN from user root. Shutting down mysqld (Version: 8.0.20).
2020-07-23T20:39:09.796726+02:00 0 [System] [MY-010910] [Server] /u01/app/mysql/product/mysql-8.0.20/bin/mysqld: Shutdown complete (mysqld 8.0.20)  MySQL Community Server - GPL.

In MySQL 8.0.21:

mysql> …
[Read more]
The evolution of MySQL authentication mechanism

The authentication, the first level of security for each IT system, is the stage to verify the user identity through the basic username and password scheme. It is crucial to have a mechanism to protect and secure password storing and transmitting over network.

In MySQL, there is plenty of different authentication methods available, and last versions improved the security of this concept.



At the beginning, the mechanism, called mysql_old_password, was pretty insecure: it’s based on a broken hashing function and the password is 16 bytes long. It was not so complex for attackers to find a plaintext password from the hash stored in the password column of …

[Read more]
MySQL 8 and Security – Encryption of binary logs

As I discussed in some of my recent talks at conferences (at the DOAG for example), MySQL 8 came out with new features which bring lots of improvements in terms of security.

“At-Rest” encryption has been existing from some releases by now:
– InnoDB Tablespace Encryption: by 5.7.11
– Redo and Undo Log Data Encryption: by 8.0.1
Now starting from version 8.0.14, you can also encrypt binary and relay log files. In this blog post we will see how to configure that and we will do some tests.

Case 1: Binary log files are not encrypted

Binary log files encryption is disables by default:

mysql> show variables like 'binlog_encryption';
+-------------------+-------+
| Variable_name     | Value |
+-------------------+-------+
| binlog_encryption | OFF   | …
[Read more]
My first presentation at the DOAG – “MySQL 8.0 Community: Ready for GDPR?”

This year I participated for the first time to the DOAG, the conference which takes place in November in Nuremberg. Here some key words about this event: Oracle and other technologies, 2000 visitors, more than 400 sessions, more than 800 abstracts sent, exhibitors…
And for me everything started when in June I decided to send an abstract for a MySQL session.

Preparation

I’ve been working on MySQL for several years. At the beginning of this year, I started testing the new 8.0 version. We live in an age where security is more important than ever, GDPR and other regulations force us to review some subjects such as privacy and data policies. MySQL put in place lots of improvements regarding security in this last version.
So my session proposal for the DOAG was the following one:

MySQL 8.0 Community – Ready for GDPR ?
One of the most topical subject today is security.
New …

[Read more]
Password Verification Policy in MySQL 8.0.13

The new release 8.0.13 for MySQL is available since last week.
Concerning security, this comes with a new feature already announced: the Password Verification Policy.
Let’s have a look…

This aim of this feature is to secure the attempts to change a password by specifying the old one to be replaced.
It is turned off by default:

mysql> show variables like 'password_require_current';
+--------------------------+-------+
| Variable_name            | Value |
+--------------------------+-------+
| password_require_current | OFF   |
+--------------------------+-------+

and we can activate it by several ways (as for some other password features):
1. Globally, at the server level:

mysql> set persist password_require_current='ON';
mysql> show variables like 'password_require_current';
+--------------------------+-------+
| Variable_name            | Value | …
[Read more]
MySQL 8.0 – Roles are finally there

Roles have been existing on many RDBMS for a long time by now. Starting from version 8.0, this functionality is finally there for MySQL.
The most important advantage is to define only once a role that includes a “set of permissions”, then assign it to each user, avoiding wasting time declaring them individually.

In MySQL, a role can be created like a user, but without the “identified by” clause and without login:

mysqld2-(root@localhost) [(none)]> CREATE ROLE 'r_sakila_read';
Query OK, 0 rows affected (0.03 sec)
mysqld2-(root@localhost) [(none)]> select user,host,authentication_string from mysql.user;
+------------------+-----------+------------------------------------------------------------------------+
| user             | host      | authentication_string                                                  |
+------------------+-----------+------------------------------------------------------------------------+
| …
[Read more]
MySQL – Time mismatch between system and log files

I was working on MySQL upgrades to version 5.7 at a customer, when I found out that for my instance, time in the error log file didn’t correspond to local system time:

mysql@test1:/u01/app/mysql/admin/mysqld1/log/ [mysqld1] mysql -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

mysql@test1:/u01/app/mysql/admin/mysqld1/log/ [mysqld1] ls -ltr mysqld1.err
-rw-r-----. 1 mysql mysql 13323 Apr 12 10:54 mysqld1.err

mysql@test1:/u01/app/mysql/admin/mysqld1/log/ [mysqld1] tail -1 mysqld1.err
2018-04-12T08:54:55.300633Z 67 [Note] Access denied for user 'root'@'localhost' (using password: YES)

I performed the operation at 10h54 but in the error log file I saw 8h54.
I checked if there was a problem between system and instance time, but that was not the case:

mysql@test1:/u01/app/mysql/admin/mysqld1/log/ [mysqld1] date
Thu Apr 12 10:56:02 CEST 2018

mysqld1-(root@localhost) …
[Read more]
Showing entries 1 to 10 of 16
6 Older Entries »