MySQL Security for Fun and Profit

Database Administration
3 April 3:30PM - 4:20PM @ Ballroom D

Experience level: 
50-minute conference session
Unauthorized disclosure of sensitive data can translate into anything from a black eye in the press to millions of dollars in fines, lost revenue, and damage control, yet far too often database security is an afterthought. Too many people are content to firewall their database server from the Internet and, believing the perimeter to be secure, ignore some very real vulnerabilities in the soft underbelly of their infrastructure. In this session, we will expose that soft underbelly and discuss some ways to get it back into six-pack form. Topics we'll cover include:

- Information assurance and why unauthorized access is only part of the story.
- Commonly observed worst practices: the what, the why, and the how not to.
- Recommended best practices for authentication, authorization, and data access.
- Encryption at rest, encryption in flight, and the performance implications of each.
- What's new and noteworthy in MySQL 5.6.

Some knowledge of system and network security best practices is assumed; many hours could be (and frequently are) devoted to those topics, and I will not be explaining such things as why it is a bad idea to run MySQL as root while listening on a wide-open public network interface. The focus of this talk is the proper configuration and operational care and feeding of MySQL from a security-oriented perspective.
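As an added example to anchor the authentication, authorization, encryption-in-flight and MySQL 5.6 items above (this is illustrative material added by the editor, not code from the talk or the speaker): one commonly seen worst-practice grant, the catalog queries that find accounts like it, and a least-privilege, TLS-only replacement. The account names, the subnets, the `appdb` schema and the `orders` table are assumptions chosen for illustration, as are the placeholder passwords; the server is assumed to have `ssl-ca`, `ssl-cert` and `ssl-key` configured in `my.cnf`, which is not shown here.

```sql
-- Added example, not from the talk. Syntax targets MySQL 5.6.
-- Assumed names: schema appdb, table appdb.orders, app subnet 10.0.1.%,
-- reporting subnet 10.0.2.%. Passwords below are placeholders.

-- WORST PRACTICE: one account, reachable from any host, holding every
-- privilege on every schema, with nothing forcing TLS, so queries and
-- result sets cross the wire in the clear.
GRANT ALL PRIVILEGES ON *.* TO 'app'@'%' IDENTIFIED BY 'app';

-- AUDIT: find accounts that look like the one above. In 5.6 mysql.user
-- still carries a `password` column, so empty passwords are visible here.
SELECT user, host
FROM mysql.user
WHERE host = '%' OR user = '' OR password = '';

-- Global privileges that let a database account escape the database:
-- FILE reads and writes files as the mysqld OS user, SUPER bypasses
-- several restrictions, GRANT OPTION hands privileges onward.
SELECT user, host, File_priv, Super_priv, Grant_priv
FROM mysql.user
WHERE File_priv = 'Y' OR Super_priv = 'Y' OR Grant_priv = 'Y';

SHOW GRANTS FOR 'app'@'%';
DROP USER 'app'@'%';

-- BEST PRACTICE, step 1 (MySQL 5.6.6 and later): enforce password
-- strength server-wide before creating the replacement accounts.
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
SET GLOBAL validate_password_policy = 'MEDIUM';
SET GLOBAL validate_password_length = 16;

-- Step 2, authentication: the account exists only for the application
-- subnet, and the REQUIRE SSL clause rejects any plaintext connection.
-- GRANT USAGE confers no privileges; it is the idiom for attaching
-- connection requirements to an account.
CREATE USER 'app'@'10.0.1.%' IDENTIFIED BY 'Placeholder#Strong1Pass';
GRANT USAGE ON *.* TO 'app'@'10.0.1.%' REQUIRE SSL;

-- Step 3, authorization: DML on one schema only. No FILE, SUPER,
-- PROCESS or GRANT OPTION, so a SQL injection in the application cannot
-- read /etc/passwd, write a web shell, or mint new accounts.
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app'@'10.0.1.%';

-- Data access: reporting gets its own read-only account scoped to the
-- table it needs, rather than sharing the application credentials.
CREATE USER 'report'@'10.0.2.%' IDENTIFIED BY 'Placeholder#Strong2Pass';
GRANT SELECT ON appdb.orders TO 'report'@'10.0.2.%' REQUIRE SSL;

-- 5.6 addition (5.6.7 and later): force a password change on first
-- login so the credential handed over during provisioning never stays
-- in service.
ALTER USER 'report'@'10.0.2.%' PASSWORD EXPIRE;

-- VERIFY from a client session: a non-empty cipher means the session
-- honoured REQUIRE SSL; an empty value means the connection is plaintext.
SHOW STATUS LIKE 'Ssl_cipher';
```

Two caveats a practitioner will want. `REQUIRE SSL` only guarantees the channel is encrypted; it does not authenticate the client, so where client identity matters use `REQUIRE X509` or `REQUIRE SUBJECT '...'` and issue per-application certificates. Nor does it make the client check the server's certificate: in 5.6 the `mysql` client and connectors must be started with `--ssl-verify-server-cert` (and a trusted `--ssl-ca`) or an attacker on the path can still present their own certificate and sit in the middle of an "encrypted" session.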


Bit Wrangler, Database Engineer, REDACTED
Ernie is currently a database engineer at **REDACTED**, bringing many years of diverse experience as a systems architect and engineer in both independent consulting and standard employee roles. He has worked in almost every technology role present in the Internet era, from Perl/Java developer to Linux sysadmin, MySQL DBA to Cisco network engineer, security auditor to IT engineering manager. In his previous lives, Ernie was most recently a Senior Architect with Percona, designing and building scalable solutions for MySQL users in a wide variety of industries, and prior to that spent his days working heavily with deployment automation and designing infrastructure stacks driven by some of today's leading virtualization platforms. Current areas of interest include artificial intelligence, data analytics, and neuroscience. He holds a BS in mathematics and a BA in political science from Arizona State University.