In Percona Server for MySQL 8.0.41 / 8.4.4, we introduced several improvements in Encryption User-Defined Functions. Added support for RSAES-OAEP (OAEP) padding for RSA encrypt / decrypt operations. Added support for RSASSA-PSS (PSS) padding for RSA sign / verify operations. Added new encryption_udf.legacy_padding_scheme component system variable. Normalized character set support for all Encryption UDFs. PKCS1 […]
Yesterday I participated in the Oracle Technology Roundtable for Digital Natives in Zurich.
It was a good opportunity to learn more about AI, Cloud and HeatWave with the focus on very trendy features of this product: generative AI, machine learning, vector processing, analytics and transaction processing across data in Data Lake and MySQL databases.
It was also great to share moments with the Oracle and MySQL teams and meet customers who gave feedback and tips about their solutions already in place in this area.
I’ll try to summarize below some key takeaways from each session.
Unlocking Innovation: How Oracle AI is Shaping the Future of Business (by Jürgen Wirtgen)
AI is not a new topic. But how do we …
The internet has changed to a place where most protocols, like HTTP, now use secure connections with TLS by default.
While both HTTP and the MySQL Protocol use TLS for secure connections, there are still many differences that make it difficult for MySQL to benefit from the same advancements HTTP has seen over the years.
What is TLS?
TLS stands for Transport Layer Security and is the successor of SSL (Socket Layer Security). SSL and TLS are often used interchangeably, although strictly speaking this isn’t correct. What TLS provides is a standardized way to encrypt traffic in transit and authenticate the other end of the connection. TLS, when used together with HTTP, is known as HTTPS, for secure HTTP.
How TLS works in HTTPS
The client (web browser) connects to a server on port 443. Then negotiation is done to agree on what encryption method is to be used. The server presents the client with a …
I am writing this quick post to share what I think is a problematic new behavior of Offline Mode in MySQL 9. Basically, the new default behavior in MySQL 9 is to write the username of the user who set offline_mode to ON. I think this behavior has not been considered from a security point of view because it leaks a root username in the error message presented to the users.
My
Yes, you read this correctly: because the MySQL client is insecure and allows running arbitrary commands, and because mysqldump blindly trusts the server it is dumping from, a hostile MySQL Server on which mysqldump is executed could trigger arbitrary command execution (also known as a remote code execution). This post raises awareness on this vulnerability and shows how a secure MySQL
Have you ever read a news story about a major company experiencing a data breach that exposed millions of customer records? These breaches can be devastating, causing significant financial losses, reputational damage, and even legal repercussions. Unfortunately, MySQL, one of the most popular relational database management systems, is at the heart of many critical […]
Yes, this is a catchy title, but it is true, and it got you reading this post :-). Another title could have been “Please load this mysql-dump: what could go wrong?”. As you guessed, loading a dump is not a risk-free operation. In this post, I explain how the insecure MySQL client makes this operation risky and how to protect against it.
And if you think this post is not
Percona XtraBackup (PXB) version 8.0.28 supports taking backups for the encrypted tables in your MySQL database using the AWS Key Management Service. For setting up data-at-rest encryption using AWS key management service, please see Configuring Keyring for Encryption Using AWS Key Management Service in Percona Server for MySQL. In this blog post, we will discuss how […]
Are your MySQL users using ‘password’, ‘s3cr3t’, or ‘thebossisajerk’ as their passwords? Easy-to-guess passwords can be disastrous to the security of your data, but there is a way to exclude inappropriate words or phrases from being used. The first step is to compile a list of words and phrases you want to exclude, and that […]
The AWS KMS component is now available in Percona Server for MySQL starting from version 8.0.30. This addition enables data-at-rest encryption by utilizing the AWS KMS component, providing the functionality to create and manage cryptographic keys across AWS services. How do we set up encryption using AWS KMS? You should only load a keyring component with a […]