by Vinicius Grippa | Aug 1, 2023 | Insight for DBAs, MongoDB, Percona Software, Security
This blog was originally published on August 10, 2020, and was updated on August 1, 2023. “I think most of the time hackers behind the attacks do it just for fun, because they can and because it’s very simple”, — says Diachenko. Source: “Meowing” attack...
by Shivam Dhapatkar | Jun 28, 2023 | Insight for DBAs, PostgreSQL, Security
In the Postgres database, the application data can be organized in various ways using Postgres schemas. In the Postgres database cluster, whenever we create a new database, it gets created with the default schema called public schema. This blog post will discuss the...
by Jan Wieremjewicz | Apr 28, 2023 | Cloud, MongoDB, Percona Software, Security
Did you notice that Percona Server for MongoDB 6.0.5-4 was released just a few days ago? This time around, it introduced improvements to the way we handle master key rotation for data at rest encryption as well as AWS IAM integration. One key to rule them all —...
by Joe Brockmeier | Apr 26, 2023 | Database Trends, Insight for DBAs, Insight for Developers, Open Source
Even though open source software is firmly in the mainstream, used widely by businesses, governments, and everyone who owns a cell phone or computer, the question repeatedly arises: “Is open source software safe?” Broadly speaking, the answer is a resounding yes. But...
by Abhinav Gupta | Apr 24, 2023 | MySQL, ProxySQL, Security
In this blog post, we will see how to persist the password inside the ProxySQL mysql_users table in hashed format only. Also, even if someone stored the password in cleartext, we see how to change those into the hashed format easily. Here we are just highlighting one...
by Sergey Pronin | Apr 20, 2023 | Cloud, Percona Software, PostgreSQL, Security
Data-at-rest encryption is essential for compliance with regulations that require the protection of sensitive data. Encryption can help organizations comply with regulations and avoid legal consequences and fines. It is also critical for securing sensitive data and...
by Gaurav Pareek | Mar 21, 2023 | Insight for DBAs, MySQL, Security
In this blog, I’ll discuss the use case for replication. We want to improve our ability to replicate your data and limit replication to row-based events securely, wherein we do not have control over the source(s). The replica doesn’t have checking...
by Sergey Pronin | Jan 17, 2023 | Percona Platform, Percona Software, Security
by Sergey Pronin | Dec 15, 2022 | Cloud, MySQL, Percona Software, Security
Operators hide the complexity of the application and Kubernetes. Instead of dealing with Pods, StatefulSets, tons of YAML manifests, and various configuration files, the user talks to Kubernetes API to provision a ready-to-use application. An Operator automatically...
by Marco Tusa | Nov 23, 2022 | Insight for DBAs, MySQL, Security
What is dual password in MySQL and how it works was already covered by my colleague Brian Sumpter in Using MySQL 8 Dual Passwords. However, let me do a brief recap here about it. Dual password is the MySQL mechanism that allows you to keep two passwords active at the...
by Marco Tusa | Nov 10, 2022 | MySQL, Percona Software, ProxySQL, Security
Every day we use dozens if not hundreds of applications connecting to some kind of data repository. This simple step is normally executed over the network and, given so, it is subject to possible sniffing with all the possible related consequences. Given that, it is...
by Inel Pandzic | Oct 3, 2022 | Cloud, Percona Software, Security
Just to have a simple refresher, let’s start with a bit of Wikipedia: a vulnerability (in computing) is: Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be exploited by a threat actor,...
by Sergey Pronin | Sep 23, 2022 | MongoDB, MySQL, Percona Platform, Percona Software, PostgreSQL
September was and is an extremely fruitful month (especially for the black-hat hackers) for news about data leaks and breaches: Uber suffers computer system breach, alerts authorities; GTA 6 source code and videos leaked after Rockstar Games hack; Revolut breach:...
by Alexander Demidoff | Jul 7, 2022 | Monitoring, Percona Software, Security
We highly value security here at Percona, and in this blog post, we will show how to protect your Percona Monitoring and Management (PMM) Server with an SSL certificate and automate its lifecycle by leveraging a proxy server. Introduction As you may know, PMM Server...
by Zsolt Parragi | May 25, 2022 | Insight for DBAs, MySQL, Percona Software, Security
MySQL allows changing the location of the general log and the slow query log while the server is running by anybody having the SYSTEM_VARIABLES_ADMIN privilege to any location, including appending to existing files. In Percona Server for MySQL 8.0.28-19 we introduced...
by Brian Sumpter | Mar 23, 2022 | Insight for DBAs, MySQL, Security
As part of my ongoing series around MySQL 8 user administration, I’d like to cover one of the new features introduced in MySQL 8.0.27 – multi-factor authentication. In order to establish identity, multi-factor authentication (MFA) is the use of multiple...
by Brian Sumpter | Mar 22, 2022 | Insight for DBAs, MySQL, Security
In keeping with my MySQL 8 user administration and security theme, I’d like to discuss the password verification-required policy introduced in MySQL 8.0.13. With this feature, it is possible to require that attempts to change an account password be verified by...
by Mike Benshoof | Jan 4, 2022 | MySQL, Percona Software, Security
Security will always be a main focal point of a company’s data. A common question I get from clients is, “how do I enable encryption?” Like every good consulting answer, it depends on what you are trying to encrypt. This post is a high-level summary...
by David Busby | Dec 14, 2021 | Percona Announcements, Security
Percona Security has been tracking an evolving issue over the weekend and into the beginning of this week. The Log4J vulnerability, also sometimes referred to as Log4JShell, can be exploited to allow for the complete takeover of the target to run any arbitrary code....
by Brian Sumpter | Oct 5, 2021 | Insight for DBAs, MySQL, Security
As part of my ongoing focus on MySQL 8 user and password management, I’ve covered how the new dual passwords feature can reduce the overall DBA workload and streamline the management process (see MySQL 8: Dual Passwords). This wasn’t the only change to user/password...