Category: Security

Security

How to Achieve GDPR Compliance: Documenting Our Experience (I)

Introduction: The GDPR is a new regulation for the processing of personal data of data subjects residing in the European Union (EU). Essentially, it is meant to protect the rights of those in EU countries with regard to the fair and lawful processing of their personal information. It will take effect on May …

Security

MySQL vs MariaDB vs Percona Server: Security Features Comparison

  Security of data is critical for any organisation. It’s an important aspect that can heavily influence the design of the database environment. When deciding upon which MySQL flavour to use, you need to take into consideration the security features available from the different server vendors. In this blog post, we’ll come up with a …

Security

Ransomware Attacks Against MySQL and How to Avoid Them

One of the biggest news stories of 2017 on the MySQL front was unfortunately not a good one.  In February, hundreds of MySQL databases were erased and replaced with a ransom demand for 0.2 bitcoin, or about $234 US dollars at the time.  At least it wasn’t as bad as the previous month, when tens …

Security

MySQL 8.0.4 RC: auth_socket Users Beware!

  The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait! Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the auth_socket plugin from logging in after SHA256 authentication has …

Clustering, Security

How to Secure Galera Cluster – 8 Tips

  As a distributed database system, Galera Cluster requires additional security measures as compared to a centralized database. Data is distributed across multiple servers or even datacenters perhaps. With significant data communication happening across nodes, there can be significant exposure if the appropriate security measures are not taken. In this blog post, we are going …

Security

MySQL and MariaDB authentication against pam_unix

The PAM authentication plug-in is an extension included in MySQL Enterprise Edition (since 5.5) and in MariaDB (since 5.2). MySQL authentication against pam_unix Check if plug-in is available: # ll lib/plugin/auth*so -rwxr-xr-x 1 mysql mysql 42937 Sep 18 2015 lib/plugin/authentication_pam.so -rwxr-xr-x 1 mysql mysql 25643 Sep 18 2015 lib/plugin/auth.so -rwxr-xr-x 1 mysql mysql 12388 Sep …

Miscellaneous, Performance, Security

Does the Meltdown Fix Affect Performance for MySQL on Bare Metal?

In this blog post, we’ll look at whether the Meltdown fix affects performance for MySQL on bare metal servers. Since the news about the Meltdown bug, there have been a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL (Percona Server for MySQL) under a sysbench workload. …

Security

New Video – Ten Tips to Secure MySQL & MariaDB

This video, based on last week’s blog “Ten Tips to Achieve MySQL and MariaDB Security”, walks you through ten different items to keep in mind when deploying a MySQL or MariaDB database to production. Database security is an essential part of any system. With more and more news reports of widespread data breaches coming …

Clustering, Security

ClusterControl Tips & Tricks: Securing your MySQL Installation (Updated)

Requires ClusterControl 1.2.11 or later. Applies to MySQL-based clusters. During the life cycle of a database installation, it is common for new user accounts to be created. It is good practice to verify once in a while that security is up to standards. That is, there should at least not be any accounts …

Security

Ten Tips on How to Achieve MySQL and MariaDB Security

  Security of data is a top priority these days. Sometimes it’s enforced by external regulations like PCI-DSS or HIPAA, sometimes it’s because you care about your customers’ data and your reputation. There are numerous aspects of security that you need to keep in mind – network access, operating system security, grants, encryption and so …