Security

Percona XtraDB Cluster: “dh key too small” error during an SST using SSL

If you’ve tried to use SSL in Percona XtraDB Cluster and saw an error in the logs like SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small, we’ve implemented some changes in Percona XtraDB Cluster 5.6.34 and 5.7.16 that get rid of these errors.
Some background
dh key too small refers to the Diffie-Hellman parameters used by the SSL code that are shorter […]

Percona Server for MySQL in Docker Swarm with Secrets

This quick post demonstrates using Percona Server for MySQL in Docker Swarm with some new authentication provisioning practices.
Some small changes to the startup script for the Percona-Server container image allow us to specify a file that contains password values to set as our root user’s secret. “Why do we need this functionality,” I hear you cry? When we […]

Simplified Percona XtraDB Cluster SSL Configuration

In this blog post, we’ll look at a feature recently added to Percona XtraDB Cluster 5.7.16 that makes it easier to configure Percona XtraDB Cluster SSL for all related communications. It uses mode “encrypt=4”, and configures SSL for both IST/Galera communications and SST communications using the same SSL files. “encrypt=4” is a new […]

How to Setup and Troubleshoot Percona PAM with LDAP for External Authentication

In this blog, we’ll look at how to set up and troubleshoot the Percona PAM authentication plugin.
We occasionally get requests from our support clients on how to get Percona Server for MySQL to authenticate with an external authentication service via LDAP or Active Directory. However, we normally do not have access to client’s infrastructure to […]

Enabling Percona XtraDB Cluster SST Traffic Encryption

In this blog post, we’ll look at enabling Percona XtraDB Cluster SST Traffic Encryption, and some of the changes to the SSL-based encryption of SST traffic in Percona XtraDB Cluster 5.7.16.
Some background
Percona XtraDB Cluster versions prior to 5.7 support encryption methods 0, 1, 2 and 3:

encrypt = 0 : (default) No encryption
encrypt = 1 : […]

Percona Server for MongoDB: Dashing New LDAP Authentication Plugin

This blog post is another in the series on the Percona Server for MongoDB 3.4 bundle release. In this blog, we’ll look at the new LDAP authentication plugin. 
Hear ye, hear ye, hear ye… With the arrival of version 3.4, Percona has included an LDAP plugin in Percona Server for MongoDB. Authentication is an essential […]

Troubleshooting MySQL access privileges issues: Q & A

In this blog, I will provide answers to the Q & A for the Troubleshooting MySQL Access Privileges Issues webinar.
First, I want to thank everybody for attending the February 23 webinar. The recording and slides for the webinar are available here. Below is the list of your questions that I wasn’t able to answer […]

MySQL, --i-am-a-dummy!

In this blog post, we’ll look at how “operator error” can cause serious problems (like the one we saw last week with AWS), and how to avoid them in MySQL using --i-am-a-dummy.
Recently, AWS had some serious downtime in their East region, which they explained as the consequence of a bad deployment. It seems like […]

MongoDB Audit Log: Why and How

This blog post is another in the series on the Percona Server for MongoDB 3.4 bundle release. In this blog post, we’ll talk about the MongoDB audit log.
Percona’s development team has always made investing in the open-source community a priority – especially for MongoDB. As part of this commitment, Percona continues to build MongoDB Enterprise […]

MySQL Ransomware: Open Source Database Security Part 3

This blog post examines the recent MySQL® ransomware attacks, and what open source database security best practices could have prevented them.
Unless you’ve been living under a rock, you know that there has been an uptick in ransomware for MongoDB and Elasticsearch deployments. Recently, we’re seeing the same for MySQL.
Let’s look and see if this is MySQL’s fault.
Other […]
