Author - Ceri Williams

The Importance of mysqlbinlog –version

Importance of MySQL binlog version

When deciding on your backup strategy, one of the key components for Point In Time Recovery (PITR) will be the binary logs. Thankfully, the mysqlbinlog command allows you to easily take binary log backups, including those that would otherwise be encrypted on disk using encrypt_binlog=ON. (more…)

Read more

Encryption of the InnoDB System Tablespace and Parallel Doublewrite Buffer

encryption of InnoDB tablespace parallel doublewrite buffer

In my last post I compared data at-rest encryption features available for MySQL and MariaDB. As noted at the time, some of the features available for Percona Server for MySQL were in development, and the latest version (5.7.23) sees two of them released as ALPHA quality.
Encrypting the InnoDB system tablespace
The first of the new […]

Read more

Comparing Data At-Rest Encryption Features for MariaDB, MySQL and Percona Server for MySQL

Encryption at rest MariaDB MySQL Percona Server

Protecting the data stored in your database may have been at the top of your priorities recently, especially with the changes that were introduced earlier this year with GDPR.
There are a number of ways to protect this data, which until not so long ago would have meant either using an encrypted filesystem (e.g. LUKS), […]

Read more

MySQL 8.0.4 RC: auth_socket Users Beware!

MySQL 8.0.4 RC

The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!
Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the
auth_socket plugin from logging in after SHA256 authentication has […]

Read more

Using Vault with MySQL

Using Vault with MySQL

Using Vault with MySQL
In my previous post I discussed using GPG to secure your database credentials. This relies on a local copy of your MySQL client config, but what if you want to keep the credentials stored safely along with other super secret information? Sure, GPG could still be used, but there must be […]

Read more

Encrypt your –defaults-file

encrypt

Encrypt your credentials using GPG
This blog post will look how to use encryption to secure your database credentials.
In the recent blog post Use MySQL Shell Securely from Bash, there are some good examples of how you might avoid using a ~/.my.cnf – but you still need to put that password down on disk in the script. MySQL […]

Read more