by Pep Pla | Sep 8, 2025 | Insight for DBAs, MongoDB, MySQL, PostgreSQL, Security
Percona has a great set of tools known as the Percona Toolkit, one of which is pt-upgrade. The idea behind this tool is to replay a captured sequence of queries that were executed on a different database server. This is very useful to validate if a new version of the...
by David Quilty | Aug 14, 2025 | Insight for DBAs, MySQL, Open Source, Security
Your MySQL database has been running smoothly for years. Your team knows it inside and out. Everything just… works. Why rock the boat with an upgrade? Here’s why: MySQL 8.0 reaches its end-of-life date in April 2026. After this date, there’s no safety net;...
by Ibrar Ahmed | Aug 2, 2025 | Featured, Insight for DBAs, PostgreSQL, Security
This post was originally written in 2023 and was updated in 2025. Protecting sensitive information in PostgreSQL starts with strong authentication. It’s the process of verifying who’s trying to connect, whether through usernames and passwords, tokens, or one-time...
by Jan Wieremjewicz | Jun 30, 2025 | Open Source, PostgreSQL
Lately, it feels like every time I go to a technical conference, someone is talking about how great PostgreSQL is. I’d think it’s just me noticing, but the rankings and surveys say otherwise. PostgreSQL is simply very popular. From old-school bare metal setups to VMs,...
by Ibrar Ahmed | Apr 1, 2025 | Insight for DBAs, PostgreSQL, Security
This blog was first authored by Ibrar Ahmed in 2021. We’ve updated it in 2025 for clarity and relevance, reflecting current practices while honoring their original perspective. You think your PostgreSQL setup is secure. That is, until you actually try to document it....
by David Quilty | Jan 22, 2025 | PostgreSQL, Security
Data security threats are becoming increasingly sophisticated, creating real challenges for organizations using PostgreSQL databases. While PostgreSQL is known for its reliability and feature-rich platform, a security breach can lead to serious consequences—damaged...
by Konstantin Trushin | Jan 10, 2025 | Insight for DBAs, MongoDB, Security
When setting up data-at-rest encryption (also known as transparent data encryption) in Percona Server for MongoDB, one has three options for storing a master encryption key: Encryption key file on a filesystem, KMIP server, HashiCorp’s Vault. An encryption key...
by Konstantin Trushin | Aug 9, 2024 | Insight for DBAs, MongoDB, Percona Software, Security
Data-at-rest encryption (also known as transparent data encryption or TDE) is a necessary mechanism for ensuring the security of a DBMS deployment. Upcoming releases of Percona Server for MongoDB extend that mechanism with the KMIP key state polling feature. In this...
by David Quilty | May 9, 2024 | Insight for DBAs, MySQL, Security
Have you ever read a news story about a major company experiencing a data breach that exposed millions of customer records? These breaches can be devastating, causing significant financial losses, reputational damage, and even legal repercussions. Unfortunately, MySQL...
by David Quilty | May 6, 2024 | Insight for DBAs, MongoDB, Security
MongoDB offers powerful features and scalability, but like any database system, it has security challenges that must be addressed to protect sensitive data as well as comply with regulatory standards like GDPR, HIPAA, PCI DSS, and AM/ATF. A single breach can...
by Kai Wagner | Apr 9, 2024 | Open Source, Percona Software, PostgreSQL, Security
Disclaimer: This blog post is no longer up-to-date. The pg_tde extension has since been released as production-ready. For the latest information, please refer to the official announcement or documentation below:...
by David Stokes | Apr 1, 2024 | Percona Software, PostgreSQL, Security
Percona’s pg_tde project brings a long-needed ability to encrypt data to PostgreSQL transparently. We are actively asking you to test this code to help build a better project. So please test pg_tde! As you have probably read in earlier blogs on pg_tde, it depends on a...
by Jaime Sicam | Mar 27, 2024 | Insight for DBAs, MongoDB, Percona Software, Security
Percona Server for MongoDB currently has several external authentication options, such as LDAP with SASL, LDAP, Kerberos, and AWS IAM. What is amazing is that SASL can authenticate with Pluggable Authentication Modules (PAM) too. This means that you still have...
by David Quilty | Mar 25, 2024 | Insight for DBAs, Percona Services, Security
Anyone working with databases knows that data is the driving force behind every online activity, and data security is always a top concern. Seeing as how they store and manage vast amounts of sensitive and valuable data, ranging from financial records to personal...
by Sergey Pronin | Mar 4, 2024 | Cloud, Percona Software, PostgreSQL
Percona Operator for PostgreSQL is now Red Hat OpenShift certified. You can now use Percona Operator for PostgreSQL to deploy and manage highly available PostgreSQL clusters on OpenShift. Certification guarantees that our Operator meets standards for interoperability,...
by Sergey Pronin | Feb 21, 2024 | Cloud, Insight for DBAs, Percona Software, Security
According to CNCF surveys, security is always among the top concerns for Kubernetes practitioners and platform engineers. Percona Everest — an open source cloud-native database platform – is now in Alpha stage, but it is important to set it up properly from day 0. In...
by David Stokes | Feb 6, 2024 | Insight for DBAs, MySQL, Security
Are your MySQL users using ‘password’, ‘s3cr3t’, or ‘thebossisajerk’ as their passwords? Easy-to-guess passwords can be disastrous to the security of your data, but there is a way to exclude inappropriate words or phrases from being used. The first step is to compile...
by Ibrar Ahmed | Feb 2, 2024 | Insight for DBAs, PostgreSQL, Security
This blog was originally published in December of 2022 and updated in February of 2024. Encrypting data at rest in a database management system (DBMS) refers to securing data by encrypting it when it is not being used or accessed. This is often done to protect...
by Yunus Shaikh | Jan 5, 2024 | Cloud, MySQL, Security
The AWS KMS component is now available in Percona Server for MySQL starting from version 8.0.30. This addition enables data-at-rest encryption by utilizing the AWS KMS component, providing the functionality to create and manage cryptographic keys across AWS services....
by Sri Sakthivel | Aug 10, 2023 | Insight for DBAs, MySQL, Security
MySQL 8.0.34 brings us a new password validation parameter. Using this, we can control the minimum number of characters in a password that a user must change before validate_password accepts a new password for the user’s account. In this blog, I offer a few...
