Percona Live 2018: Securing Access to Facebook’s DatabasesDave Avery
We’re moving along at Percona Live 2018, and there are still packed and energetic talks after lunch.
My next session was with Andrew Regner, Production Engineer at Facebook. His talk was on securing access to Facebook’s databases.
Since the beginning, Facebook has used a conventional username/password to secure access to production MySQL instances. Over the last few years, they’ve been working on moving to x509 TLS client certificate authenticated connections. Given the many types of languages and systems at Facebook that use MySQL in some way, this required a massive amount of changes for a lot of teams.
This talk is both a technical overview of how their new solution works and hard-learned tricks for getting an entire company to change their underlying MySQL client libraries.
After his talk, I had a chance to quickly talk with Andrew about his efforts to move the security process for Facebook’s databases. Check it out below.