Docker Security Considerations – PART I
Why Docker Security Matters
It is a fact that Docker has found widespread use during the past years, mostly because it is very easy to use as well as fast and easy to deploy when compared with a full-blown virtual machine. More and more servers are being operated as Docker […]
In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy “…[the] personal information on hundreds of millions of American adults, as well as millions of businesses.” In this case, the “victim” was Exactis, for whom data collection and data security are core business functions.
Some takeaways […]
Let them stay together.
In the last YEARS, I have seen quite often that users, when installing a product such as PXC, instead of spending five minutes to understand what to do just run
iptables -F and save.
In short, they remove any rules for their firewall.
With this post, I want to show you how easy […]
In this third and final post of the series, we look at how to configure transport encryption on a deployed MongoDB replica set. Security vulnerabilities can arise when internal personnel have legitimate access to the private network, but should not have access to the data. Encrypting intra-node traffic ensures that no one can “sniff” sensitive […]
Read more
In this blog post, we’ll look at how to turn on binlog encryption in Percona Server for MySQL.
Why do I need this?
As you probably know, Percona Server for MySQL’s binlog contains sensitive information. Replication uses the binlog to copy events between servers. They contain all the information from one server so that it can be […]
The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!
Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the
auth_socket plugin from logging in after SHA256 authentication has […]
In this blog post, we’ll look at the performance hit from the Spectre bug fix on Ubuntu.
Recently we measured the performance penalty from the Meltdown fix on Ubuntu servers. It turned out to be negligible.
Today, Ubuntu made a Spectre bug fix on Ubuntu available, shipped in kernel 4.4.0-112. As with the Meltdown fix, we […]
In this blog post, we’ll look at does the Meltdown fix affect performance for MySQL on bare metal servers.
Since the news about the Meltdown bug, there were a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL (Percona Server for MySQL) under a sysbench […]
In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall).
Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL came up as a possible tool that could help us in […]
In this blog post, we examine the recent revelations about CPU security vulnerabilities.
The beginning of the new year also brings to light fresh and new CPU security vulnerabilities. Today’s big offenders originate on the hardware side – more specifically, the CPU. The reported hardware kernel bugs allow for direct access to data held in the […]
