Showing entries 1 to 10 of 391
10 Older Entries »
Displaying posts with tag: Security
MyISAM and KPTI – Performance Implications From The Meltdown Fix

Recently we had a report from a user who had seen a stunning 90% performance regression after upgrading his server to a Linux kernel with KPTI (kernel page-table isolation – a remedy for the Meltdown vulnerability). A great deal of that 90% was caused by running in an old version of VMware which doesn’t pass […]

The post MyISAM and KPTI – Performance Implications From The Meltdown Fix appeared first on MariaDB.org.

Fun with Bugs #61 - On MySQL Bug Reports I am Subscribed to, Part III

Since my previous post on this topic I've subscribed to 19 more MySQL bugs, so it's time for yet another review of these reports. I am trying to pick up important, funny or hard to process reports every day, and here is the list of the most interesting ones starting from the latest:

  • Bug #89607 - "MySQL crash in debug, PFS thread not handling singals." We have a patch contributed by Robert Golebiowski.
  • Bug #89583 - "no rpm build instructions from source git tree". As Simon Mudd put it:
    "... The sources are supposed to be in the git tree …

How caching_sha2_password leaks passwords

Oracle recently announced a new authentication plugin: caching_sha2_password. This was added in 8.0.4, the second release candidate for MySQL 8.0. The new plugin is also made the default (can be configured by changing default_authentication_plugin).

Why? Phasing out SHA1

As Oracle said in the blog post to announce this change, they want to move to a more secure hashing algorithm (SHA256). Which I think is a good reason to do this.

Adding salt

Adding a …

MySQL 8.0.4 : New Default Authentication Plugin : caching_sha2_password

Starting with MySQL 8.0.4, we are changing the default authentication plugin for MySQL server from mysql_native_password to caching_sha2_password. Correspondingly, libmysqlclient will now use caching_sha2_password as the default authentication mechanism, too.

Why did we do it?

The advantage of mysql_native_password is that it supports a challenge-response mechanism which is very quick and does not require an encrypted connection.…

MySQL 8.0.4 RC: auth_socket Users Beware!

The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!

Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the auth_socket plugin from logging in after SHA256 authentication has been made the default authentication method. With the …

MySQL 8.0.4, OpenSSL, and MySQL Community Edition

Starting with the MySQL Community 8.0.4-RC we are unifying on OpenSSL as the default TLS/SSL library for both MySQL Enterprise Edition and MySQL Community Edition. Previously, MySQL Community Edition used YaSSL.

Why make this change?

  • Community Requests – Supporting OpenSSL in the MySQL Community Edition has been one of the most frequently requested features.

20-30% Performance Hit from the Spectre Bug Fix on Ubuntu

In this blog post, we’ll look at the performance hit from the Spectre bug fix on Ubuntu.

Recently we measured the performance penalty from the Meltdown fix on Ubuntu servers. It turned out to be negligible.

Today, Ubuntu made a Spectre bug fix on Ubuntu available, shipped in kernel 4.4.0-112. As with the Meltdown fix, we measured the effect of this update. Unfortunately, we observed a major performance penalty on MySQL workloads with this new kernel.

Our benchmark used the following:

System:

  • CPU:
    • 2 x Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz (Codename Haswell)
    • /proc/cpuinfo has 48 …

MariaDB 5.5.59 now available

The MariaDB project is pleased to announce the immediate availability of MariaDB 5.5.59. This is a stable (GA) release. See the release notes and changelog for details.

  • Download MariaDB 5.5.59
  • Release Notes
  • Changelog
  • What is MariaDB 5.5?
  • MariaDB APT and YUM Repository Configuration Generator

Thanks, and enjoy MariaDB!

The post MariaDB 5.5.59 now available appeared first on MariaDB.org.

Does the Meltdown Fix Affect Performance for MySQL on Bare Metal?

In this blog post, we’ll look at whether the Meltdown fix affects performance for MySQL on bare metal servers.

Since the news about the Meltdown bug, there were a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL (Percona Server for MySQL) under a sysbench workload.

In this case, we used bare metal boxes with the following specifications:

  • Two-socket Intel(R) Xeon(R) CPU E5-2683 v3 @ 2.00GHz (in total 56 entries in /proc/cpuinfo)
  • Ubuntu 16.04
  • Memory: 256GB
  • Storage: Samsung SM863 1.9TB SATA SSD
  • Percona Server for MySQL 5.7.20
  • Kernel (vulnerable) 4.13.0-21
  • Kernel (with Meltdown fix) 4.13.0-25

Please note, the current kernel for Ubuntu 16.04 contains only a Meltdown fix, …

ProxySQL Firewalling

In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall).

Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL came up as a possible tool that could help us in achieving what we were looking for. Last year I wrote about how to use ProxySQL to stop a single query.

That approach may be good for a few queries and as a temporary solution. But what can we do when we really want to use ProxySQL as an SQL-based firewall? And more importantly, how to do it right?

First of all, let us define what “right” can be in this context. …
