by Ceri Williams | Jan 24, 2018 | Insight for DBAs, MySQL, Security
The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait! Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as...
by Vadim Tkachenko | Jan 23, 2018 | Insight for DBAs, Insight for Developers, MySQL, Security
In this blog post, we’ll look at the performance hit from the Spectre bug fix on Ubuntu. Recently we measured the performance penalty from the Meltdown fix on Ubuntu servers. It turned out to be negligible. Today, Ubuntu made a Spectre bug fix on Ubuntu...
by Vadim Tkachenko | Jan 18, 2018 | Insight for DBAs, Insight for Developers, MySQL, Security
In this blog post, we’ll look at does the Meltdown fix affect performance for MySQL on bare metal servers. Since the news about the Meltdown bug, there were a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL...
by Marco Tusa | Jan 15, 2018 | Monitoring, MySQL, ProxySQL, Security
In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall). Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL...
by Tom De Cooman | Jan 4, 2018 | MongoDB, MySQL, Open Source, Security
In this blog post, we examine the recent revelations about CPU security vulnerabilities. The beginning of the new year also brings to light fresh and new CPU security vulnerabilities. Today’s big offenders originate on the hardware side – more specifically, the...
by Aayushi Mangal | Dec 15, 2017 | Insight for DBAs, Insight for Developers, MongoDB, Security
In this blog post, we’ll look at MongoDB 3.6 security improvements. As we’ve already talked about in this series, MongoDB 3.6 has a number of new features in it. But we have talked less about the new security enhancements in this release. The MongoDB 3.6...
by Adamo Tonete | Nov 7, 2017 | MongoDB, Percona Software, Webinars
Join Percona’s Senior Technical Services Engineer Adamo Tonete as he presents MongoDB Security Webinars: Enhanced Security Using LDAP Authentication on Wednesday, November 8, 2017 at 11:00 am PST / 2:00 pm EST (UTC-8). Experience: Intermediate Tags: SysAdmin, DBAs In...
by Adamo Tonete | Nov 6, 2017 | MongoDB, Security
In this blog post, we’ll focus on MongoDB security and discuss how to configure Percona Server for MongoDB to authenticate a user with an LDAP server. It is important to mention that Percona Server for MongoDB features LDAP authentication free of charge for...
by Jervin Real | Sep 19, 2017 | Insight for DBAs, ProxySQL, Security
In this blog post, we’ll look at how ProxySQL improves MySQL SSL connection performance. When deploying MySQL with SSL, the main concern is that the initial handshake causes significant overhead if you are not using connection pools (i.e., mysqlnd-mux with PHP,...
by Dave Avery | Sep 5, 2017 | Insight for DBAs, Insight for Developers, MongoDB, Security
A new set of MongoDB attacks and data breaches struck businesses this weekend, mirroring the attacks that hit back in January and putting MongoDB security back into the spotlight. Like the last set, this new attack strategy focused on ransomware that demanded a paid...
by Emily Ikuta | Aug 7, 2017 | MongoDB, Security, Webinars
Join Percona’s Senior Technical Services Engineer, Adamo Tonete as he presents MongoDB Security: Making Things Secure by Default on Wednesday, August 9, 2017 at 11:00 am PDT / 2:00 pm EDT (UTC-7). Register Now MongoDB security breaches have regularly been in the news....
by Emily Ikuta | Jul 10, 2017 | Insight for DBAs, MariaDB, MySQL, Security, Webinars
Join Percona’s Chief Evangelist, Colin Charles as he presents Securing Your MySQL/MariaDB Data on Tuesday, July 11, 2017 at 7:00 am PDT / 10:00 am EDT (UTC-7). Register Now This webinar will discuss the features of MySQL/MariaDB that when enabled and used improve the...
by Emily Ikuta | Jul 5, 2017 | MySQL
Join Percona’s Solutions Engineer, Dimitri Vanoverbeke as he presents Security and Encryption in the MySQL World on Thursday, July 6, 2017, at 7:00 am PDT / 10:00 am EDT (UTC-7). Register Now MySQL and MariaDB Server provide many new features that help with...
by Manjot Singh | Jun 28, 2017 | MySQL, Security
Welcome to Part 2 in a series of blog posts on MySQL encryption at rest. This post covers InnoDB tablespace encryption. At Percona, we work with a number of clients that require strong security measures for PCI, HIPAA and PHI compliance, where data managed by MySQL...
by Tibor Korocz | Jun 27, 2017 | Insight for DBAs, MySQL, Security
This blog post looks at SSL connections and how they work in MySQL 5.7. Recently I was working on an SSL implementation with MySQL 5.7, and I made some interesting discoveries. I realized I could connect to the MySQL server without specifying the SSL keys on the...
by Manjot Singh | Jun 6, 2017 | MySQL, Security
In this first of a series of blog posts, we’ll look at MySQL encryption at rest. At Percona, we work with a number of clients that require strong security measures for PCI, HIPAA and PHI compliance, where data managed by MySQL needs to be encrypted “at...
by Adamo Tonete | May 17, 2017 | Insight for DBAs, MongoDB, Security
In this blog post, we’ll walk through the native MongoDB authentication and roles, and learn how to create personalized roles. It is a continuation of Securing MongoDB instances. As said before, MongoDB features a few authentication methods and built-in roles that...
by Andrew Moore | Apr 21, 2017 | Cloud, MySQL, Security
This quick post demonstrates using Percona Server for MySQL in Docker Swarm with some new authentication provisioning practices. Some small changes to the startup script for the Percona-Server container image allows us to specify a file that contains password values...
by Tomislav Plavcic | Mar 3, 2017 | MongoDB, Percona Software, Security
This blog post is another in the series on the Percona Server for MongoDB 3.4 bundle release. In this blog post, we’ll talk about the MongoDB audit log. Percona’s development team has always invested in the open-source community a priority – especially for...
by David Busby | Feb 27, 2017 | MySQL, Security
This blog post examines the recent MySQL® ransomware attacks, and what open source database security best practices could have prevented them. Unless you’ve been living under a rock, you know that there has been an uptick in ransomware for MongoDB and...
