by Robert Bernier | Jun 25, 2020 | Database Trends, Insight for DBAs, Security
Today I’m going to talk about my favorite trope, “database security”. When done right, a good security policy not only protects your data but improves performance, system stability, and enhances the development life-cycle. When done wrong it not only...
by Mykola Marzhan | Jun 12, 2020 | Insight for DBAs, MySQL, Security
In most cases, MySQL password instructions provide information on changing MySQL user passwords on the production system (e.g., reset root password without restart). It is even recommended to change passwords regularly for security reasons. But still, sometimes DBA...
by Max Dudin | Jun 11, 2020 | Insight for DBAs, MySQL, Security
Day-to-day database operation requires, from an administrator, deep knowledge of db internals and security issues, in particular things like SQL injections. In order to prevent this kind of attack, we have included go-sql-driver into our code for secure placeholder...
by Robert Bernier | Jun 4, 2020 | Monitoring, PostgreSQL, Security
Security, when done right, not only protects your data but improves performance, system stability, and enhances the development life-cycle. Because PostgreSQL security can easily become an all-encompassing activity, we’ll deal with the most common mechanisms....
by Carlos Tutte | Jun 3, 2020 | MySQL, Security
In systems nowadays, improving security is a must! One of the weakest links in the security system is the user password from where an attacker can enter. In order to improve password strength and security, MySQL provides a plugin called “Validation plugin” which can...
by Jaime Sicam | Apr 21, 2020 | Insight for DBAs, MongoDB, Security
Since the release of Percona Server MongoDB 3.6.13 (PSMDB), you have been able to use Vault to store the encryption keys for data at rest encryption. Here’s how to set it up. First, you need to have a Vault server up and running. My colleague, Jericho, has an...
by Mike Benshoof | Apr 15, 2020 | Cloud, MySQL, Percona Services, Security
The other day on a call, a client asked me an interesting question. We were discussing some testing they were doing in Amazon Relational Database Service (RDS). The question came up “since RDS is managed, how can I prove to my security team that the data is actually...
by Walter Garcia | Apr 2, 2020 | MySQL, ProxySQL, Security
In this blog, we will test a new security feature added in ProxySQL 2.0.9. For some time, we have had the ability to block queries using the mysql_query_rules table, matching a group of queries with a regular expression, like a blacklist. Check out a previous blog for how to config...
by Robert Golebiowski | Feb 19, 2020 | MySQL, Percona Software, Security
In the last blog post of this series, we discussed in detail how Master Key encryption works. In this post, based on what we already know about Master Key encryption, we look into how Master Key rotation works. The idea behind Master Key rotation is that we want to...
by Zsolt Parragi | Jan 6, 2020 | MySQL, Percona Software, Security
Starting with Percona Server for MySQL 8.0.17, Percona Server ships with a data masking plugin, using the same API as the MySQL Enterprise Masking and De-identification feature. This plugin was developed by MySQL Enterprise plugin. What is Data Masking? The data...
by Robert Golebiowski | Dec 9, 2019 | MySQL, Percona Software, Security
It has been possible to enable Transparent Data Encryption (TDE) in Percona Server for MySQL/MySQL for a while now, but have you ever wondered how it works under the hood and what kind of implications TDE can have on your server instance? In this blog post series, we...
by Daniel Guzmán Burgos | Nov 1, 2019 | Insight for DBAs, MariaDB, MySQL
Some say that the best password is the one you don’t have to remember. That’s possible with MySQL, thanks to the auth_socket plugin and its MariaDB version unix_socket. Neither of these plugins is new, and some words have been written about the auth_socket on...
by Adamo Tonete | Oct 28, 2019 | MongoDB, Percona Software, Security
Hi everyone! This is one of the most requested subjects to our support team and I’d like to share the steps as a tutorial blog post. Today, we will set up internal authentication using x.509 certificates as well as enabling TLS/SSL. If using authentication in...
by David Busby | Sep 25, 2019 | Security
Summary On September 24, 2019, Percona’s IT and IT Security teams were made aware of a denial of service attack on www.percona.com/forums. We use vBulletin to host Percona Forums, which was subjected to a zero-day pre-authentication remote code execution. This...
by John Lionis | Jul 11, 2019 | Cloud, Security
Docker Security Considerations – PART I Why Docker Security Matters It is a fact that Docker has found widespread use during the past years, mostly because it is very easy to use as well as fast and easy to deploy when compared with a full-blown virtual machine. More...
by David Busby | Jul 6, 2018 | MongoDB, MySQL, Percona Software, Security
In the last few days, there has been information released about yet another alleged data leak, placing in jeopardy “…[the] personal information on hundreds of millions of American adults, as well as millions of businesses.” In this case, the “victim” was...
by Marco Tusa | Jun 12, 2018 | MySQL, Percona Software, Security
Let them stay together. In the last YEARS, I have seen quite often that users, when installing a product such as PXC, instead of spending five minutes to understand what to do just run iptables -F and save. In short, they remove any rules for their firewall. With...
by Corrado Pandiani | May 31, 2018 | Insight for DBAs, Insight for Developers, MongoDB, Security
In this third and final post of the series, we look at how to configure transport encryption on a deployed MongoDB replica set. Security vulnerabilities can arise when internal personnel have legitimate access to the private network, but should not have access to the...
by Robert Golebiowski | Mar 8, 2018 | Insight for DBAs, Monitoring, MySQL, Percona Software, Security
In this blog post, we’ll look at how to turn on binlog encryption in Percona Server for MySQL. Why do I need this? As you probably know, Percona Server for MySQL’s binlog contains sensitive information. Replication uses the binlog to copy events between...