Buy Percona ServicesBuy Now!

Another Day, Another Data Leak

 | July 6, 2018 |  Posted In: Business Continuity, MongoDB, MySQL, Percona Server for MongoDB, Percona Server for MySQL, Security

another day another data leak Exactis

In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy “…[the] personal information on hundreds of millions of American adults, as well as millions of businesses.” In this case, the “victim” was Exactis, for whom data collection and data security are core business functions. Some takeaways […]

Read More

MongoDB: deploy a replica set with transport encryption (part 3/3)

 | May 31, 2018 |  Posted In: Insight for DBAs, Insight for Developers, MongoDB, Security

MongoDB Encryption Replica Sets

In this third and final post of the series, we look at how to configure transport encryption on a deployed MongoDB replica set. Security vulnerabilities can arise when internal personnel have legitimate access to the private network, but should not have access to the data. Encrypting intra-node traffic ensures that no one can “sniff” sensitive data […]

Read More

Binlog Encryption with Percona Server for MySQL

 | March 8, 2018 |  Posted In: Database Monitoring, Insight for DBAs, MySQL, Percona Server for MySQL, Security

binlog encryption

In this blog post, we’ll look at how to turn on binlog encryption in Percona Server for MySQL. Why do I need this? As you probably know, Percona Server for MySQL’s binlog contains sensitive information. Replication uses the binlog to copy events between servers. They contain all the information from one server so that it can […]

Read More

MySQL 8.0.4 RC: auth_socket Users Beware!

 | January 24, 2018 |  Posted In: Insight for DBAs, MySQL, MySQL 8.0, Security

MySQL 8.0.4 RC

The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait! Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the auth_socket plugin from logging in after SHA256 authentication has been […]

Read More

20-30% Performance Hit from the Spectre Bug Fix on Ubuntu

 | January 23, 2018 |  Posted In: Insight for DBAs, Insight for Developers, MySQL, Security

Spectre Bug Fix on Ubuntu

In this blog post, we’ll look at the performance hit from the Spectre bug fix on Ubuntu. Recently we measured the performance penalty from the Meltdown fix on Ubuntu servers. It turned out to be negligible. Today, Ubuntu made a Spectre bug fix on Ubuntu available, shipped in kernel 4.4.0-112. As with the Meltdown fix, […]

Read More

Does the Meltdown Fix Affect Performance for MySQL on Bare Metal?

and  | January 18, 2018 |  Posted In: Insight for DBAs, Insight for Developers, MySQL, Security

Meltdown Fix Affect Performance small

In this blog post, we’ll look at does the Meltdown fix affect performance for MySQL on bare metal servers. Since the news about the Meltdown bug, there were a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL (Percona Server for MySQL) under a sysbench workload. […]

Read More

ProxySQL Firewalling

 | January 15, 2018 |  Posted In: Database Monitoring, MySQL, ProxySQL, Security

ProxySQL Firewalling

In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall). Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL came up as a possible tool that could help us in achieving […]

Read More

Meltdown and Spectre: CPU Security Vulnerabilities

and  | January 4, 2018 |  Posted In: MongoDB, MySQL, open source databases, Security

CPU Security Vulnerabilities

In this blog post, we examine the recent revelations about CPU security vulnerabilities. The beginning of the new year also brings to light fresh and new CPU security vulnerabilities. Today’s big offenders originate on the hardware side – more specifically, the CPU. The reported hardware kernel bugs allow for direct access to data held in the […]

Read More