Securing Access to Facebook's Databases
Since the beginning, Facebook has used a conventional username/password to secure access to production MySQL instances. Over the last few years, we've been working on moving to x509 TLS client certificate authenticated connections. Given the many types of languages and systems at Facebook that use MySQL in some way - this required a massive amount of changes for a lot of teams.
This talk is a partially technical overview of how our new solution works and part hard-learned tricks for getting an entire company to change their underlying MySQL client libraries.