Showing entries 1 to 10 of 507
10 Older Entries »
Displaying posts with tag: Security (reset)
Trusting mysqldump and Insecure MySQL Client Lead to Remote Code Execution

Yes, you read this correctly: because the MySQL client is insecure and allows running arbitrary commands, and because mysqldump blindly trusts the server it is dumping from, a hostile MySQL Server on which mysqldump is executed could trigger arbitrary command execution (also known as a remote code execution).  This post raises awareness on this vulnerability and shows how a secure MySQL

Securing Your MySQL Database: Essential Best Practices

Have you ever read a news story about a major company experiencing a data breach that exposed millions of customer records? These breaches can be devastating, causing significant financial losses, reputational damage, and even legal repercussions. Unfortunately, MySQL databases, one of the most popular relational database management systems, is at the heart of many critical […]

17 Years of Insecure MySQL Client !

Yes, this is a catchy title, but it is true, and it got you reading this post :-).  Another title could have been “Please load this mysql-dump: what could go wrong ?”.  As you guessed, loading a dump is not a risk-free operation.  In this post, I explain how the insecure MySQL client makes this operation risky and how to protect against it.

And if you think this post is not

Percona XtraBackup 8.0.28 Supports Encrypted Table Backups with AWS KMS

Percona XtraBackup (PXB) version 8.0.28 supports taking backups for the encrypted tables in your MySQL database using the AWS Key Management Service. For setting up data-at-rest encryption using AWS key management service, please see Configuring Keyring for Encryption Using AWS Key Management Service in Percona Server for MySQL.In this blog post, we will discuss how […]

Are Your MySQL Users Using ‘password’ or ‘thebossisajerk’ as Passwords?

Are your MySQL users using ‘password’, ‘s3cr3t’, or ‘thebossisajerk’ as their passwords? Easy-to-guess passwords can be disastrous to the security of your data, but there is a way to exclude inappropriate words or phrases from being used. The first step is to compile a list of words and phrases you want to exclude, and that […]

Configuring Keyring for Encryption Using AWS Key Management Service in Percona Server for MySQL

The AWS KMS component is now available in Percona Server for MySQL starting from version 8.0.30. This addition enables data-at-rest encryption by utilizing the AWS KMS component, providing the functionality to create and manage cryptographic keys across AWS services.How do we set up encryption using AWS KMS?You should only load a keyring component with a […]

MySQL General Tablespaces: A Powerful Storage Option for Your Data

Managing storage and performance efficiently in your MySQL database is crucial, and general tablespaces offer flexibility in achieving this. This blog discusses general tablespaces and explores their functionalities, benefits, and practical usage, along with illustrative examples.What are MySQL general tablespaces?In contrast to the single system tablespace that holds system tables by default, general tablespaces are […]

Audit DROP Statements in Percona Server for MySQL

Managing database servers involves different aspects, among which security is critical. We know that we should always grant the minimal required permissions to the different user accounts in the database, as having a user with high-level permission can lead to unexpected results, such as having an index drop affecting the system performance or even more […]

MySQL 8.0.34 Improved Password Management by Defining the Change Characters Count

MySQL 8.0.34 brings us a new password validation parameter. Using this, we can control the minimum number of characters in a password that a user must change before validate_password accepts a new password for the user’s account.

In this blog, I offer a few scenarios showing how the parameter validate_password.changed_characters_percentage affects user password changes.

Requirement

To make this work, we should enable the “Password Verification-Required Policy” (introduced in MySQL 8.0.13). We can allow it to GLOBALLY by using the parameter “password_require_current” or by specifying  “PASSWORD REQUIRE CURRENT” while creating or altering the user. This topic was already explained very well by Brain Sumpter in his post, …

[Read more]
Vitess Security Audit Results

The Vitess Maintainer team is pleased to announce the results of a recent third-party security audit of the Vitess code base. Vitess had previously been audited in 2019. Given the amount of time that has passed, and the magnitude of change during that time, the maintainer team decided to request a fresh audit. Starting in March 2023, an independent team from Ada Logics performed a full security audit of Vitess with a special focus on VTAdmin, which is a relatively new addition to Vitess.

Showing entries 1 to 10 of 507
10 Older Entries »