Tag - security

Another Day, Another Data Leak

In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy “…[the] personal information on hundreds of millions of American adults, as well as millions of businesses.” In this case, the “victim” was Exactis, for whom data collection and data security are core business functions.
Some takeaways […]

PXC loves firewalls (and System Admins loves iptables)

Let them stay together.
In the last YEARS, I have seen quite often that users, when installing a product such as PXC, instead of spending five minutes to understand what to do, just run iptables -F and save.
In short, they remove any rules for their firewall.
With this post, I want to show you how easy […]

MongoDB: deploy a replica set with transport encryption (part 3/3)

In this third and final post of the series, we look at how to configure transport encryption on a deployed MongoDB replica set. Security vulnerabilities can arise when internal personnel have legitimate access to the private network, but should not have access to the data. Encrypting intra-node traffic ensures that no one can “sniff” sensitive […]

Binlog Encryption with Percona Server for MySQL

In this blog post, we’ll look at how to turn on binlog encryption in Percona Server for MySQL.
Why do I need this?
As you probably know, Percona Server for MySQL’s binlog contains sensitive information. Replication uses the binlog to copy events between servers. They contain all the information from one server so that it can be […]

MySQL 8.0.4 RC: auth_socket Users Beware!

The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!
Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the auth_socket plugin from logging in after SHA256 authentication has […]

20-30% Performance Hit from the Spectre Bug Fix on Ubuntu

In this blog post, we’ll look at the performance hit from the Spectre bug fix on Ubuntu.
Recently we measured the performance penalty from the Meltdown fix on Ubuntu servers. It turned out to be negligible.
Today, Ubuntu made a Spectre bug fix available, shipped in kernel 4.4.0-112. As with the Meltdown fix, we […]

Does the Meltdown Fix Affect Performance for MySQL on Bare Metal?

In this blog post, we’ll look at whether the Meltdown fix affects performance for MySQL on bare metal servers.
Since the news about the Meltdown bug, there were a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL (Percona Server for MySQL) under a sysbench […]

ProxySQL Firewalling

In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall).
Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL came up as a possible tool that could help us in […]

Meltdown and Spectre: CPU Security Vulnerabilities

In this blog post, we examine the recent revelations about CPU security vulnerabilities.
The beginning of the new year also brings to light fresh and new CPU security vulnerabilities. Today’s big offenders originate on the hardware side – more specifically, the CPU. The reported hardware kernel bugs allow for direct access to data held in the […]

MongoDB 3.6 Security Improvements

In this blog post, we’ll look at MongoDB 3.6 security improvements.
As we’ve already talked about in this series, MongoDB 3.6 has a number of new features in it. But we have talked less about the new security enhancements in this release. The MongoDB 3.6 security features are particularly exciting. Some of these are just […]
