Tag - security

Use MySQL Without a Password (and Still be Secure)

Use MySQL Without a Password

Some say that the best password is the one you don’t have to remember. That’s possible with MySQL, thanks to the auth_socket plugin and its MariaDB version unix_socket.
Neither of these plugins is new, and some words have been written about the auth_socket on this blog before, for example: how to change passwords in MySQL […]

Read more

Setting up MongoDB with Member x509 auth and SSL + easy-rsa

MongoDB Member with x509 auth

Hi everyone! This is one of the most requested subjects to our support team and I’d like to share the steps as a tutorial blog post. Today, we will set up internal authentication using x.509 certificates as well as enabling TSL/SSL.
If using authentication in MongoDB, there are two ways to configure intra-cluster authentication:

Using a […]

Read more

Incident Involving Percona Forums on September 24, 2019

Summary
On September 24, 2019, Percona’s IT and IT Security teams were made aware of a denial of service attack on www.percona.com/forums. We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This vulnerability potentially allows an unauthenticated attacker to remotely execute code on, or possibly complete control […]

Read more

Another Day, Another Data Leak

another day another data leak Exactis

In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy “…[the] personal information on hundreds of millions of American adults, as well as millions of businesses.” In this case, the “victim” was Exactis, for whom data collection and data security are core business functions.
Some takeaways […]

Read more