EmergencyEMERGENCY? Get 24/7 Help Now!

Percona XtraDB Cluster: “dh key too small” error during an SST using SSL

 | April 23, 2017 |  Posted In: Percona XtraDB Cluster, Security, XtraDB Cluster

wsrep-stages

If you’ve tried to use SSL in Percona XtraDB Cluster and saw an error in the logs like SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small, we’ve implemented some changes in Percona XtraDB Cluster 5.6.34 and 5.7.16 that get rid of these errors. Some background dh key too small refers to the Diffie-Hellman parameters used by the SSL code that are […]

Read More

Percona Server for MySQL in Docker Swarm with Secrets

 | April 21, 2017 |  Posted In: Docker, MySQL, Security

This quick post demonstrates using Percona Server for MySQL in Docker Swarm with some new authentication provisioning practices. Some small changes to the startup script for the Percona-Server container image allows us to specify a file that contains password values to set as our root user’s secret. “Why do we need this functionality,” I hear you cry? When we […]

Read More

Simplified Percona XtraDB Cluster SSL Configuration

 | April 21, 2017 |  Posted In: MySQL, Percona XtraDB Cluster, Security, XtraDB Cluster

wsrep-stages

In this blog post, we’ll look at a feature that recently added to Percona XtraDB Cluster 5.7.16, that makes it easier to configure Percona XtraDB Cluster SSL for all related communications. It uses mode “encrypt=4”, and configures SSL for both IST/Galera communications and SST communications using the same SSL files. “encrypt=4” is a new encryption […]

Read More

How to Setup and Troubleshoot Percona PAM with LDAP for External Authentication

 | April 21, 2017 |  Posted In: Insight for DBAs, MySQL, Security

Percona PAM

In this blog, we’ll look at how to setup and troubleshoot the Percona PAM authentication plugin. We occasionally get requests from our support clients on how to get Percona Server for MySQL to authenticate with an external authentication service via LDAP or Active Directory. However, we normally do not have access to client’s infrastructure to […]

Read More

Enabling Percona XtraDB Cluster SST Traffic Encryption

 | April 21, 2017 |  Posted In: Percona XtraDB Cluster, Security, XtraDB Cluster

wsrep-stages

In this blog post, we’ll look at enabling Percona XtraDB Cluster SST Traffic Encryption, and some of the changes to the SSL-based encryption of SST traffic in Percona XtraDB Cluster 5.7.16. Some background Percona XtraDB Cluster versions prior to 5.7 support encryption methods 0, 1, 2 and 3: encrypt = 0 : (default) No encryption encrypt […]

Read More

Percona Server for MongoDB: Dashing New LDAP Authentication Plugin

 | March 16, 2017 |  Posted In: MongoDB, Security, Solutions Engineering

LDAP Authentication

This blog post is another in the series on the Percona Server for MongoDB 3.4 bundle release. In this blog, we’ll look at the new LDAP authentication plugin.  Hear ye, hear ye, hear ye… With the arrival of version 3.4, Percona has included an LDAP plugin in Percona Server for MongoDB. Authentication is an essential […]

Read More

MongoDB Audit Log: Why and How

 | March 3, 2017 |  Posted In: MongoDB, Percona Server for MongoDB, Security

MMAPv1

This blog post is another in the series on the Percona Server for MongoDB 3.4 bundle release. In this blog post, we’ll talk about the MongoDB audit log. Percona’s development team has always invested in the open-source community a priority – especially for MongoDB. As part of this commitment, Percona continues to build MongoDB Enterprise […]

Read More

MySQL Ransomware: Open Source Database Security Part 3

and  | February 27, 2017 |  Posted In: MySQL, Security

MySQL Ransomware

This blog post examines the recent MySQL® ransomware attacks, and what open source database security best practices could have prevented them. Unless you’ve been living under a rock, you know that there has been an uptick in ransomware for MongoDB and Elasticsearch deployments. Recently, we’re seeing the same for MySQL. Let’s look and see if this is MySQL’s […]

Read More