Join Percona Chief Evangelist Colin Charles as he covers happenings, gives pointers and provides musings on the open source database community.

Much of last week, there was a lot of talk around this article: New research shows 75% of ‘open’ Redis servers infected. It turns out, it helps that one should always read beyond the headlines because they tend to be more sensationalist than you would expect. From the author of Redis, I highly recommend reading Clarifications on the Incapsula Redis security report, because it turns out that in this case, it is beyond the headline. The content is also suspect. Antirez had to write this to help the press (we totally need to help keep reportage accurate).

Not to depart from the Redis world just yet, but …

Let them stay together.

In the last YEARS, I have seen quite often that users, when installing a product such as PXC, instead of spending five minutes to understand what to do just run

iptables -F

  and save.

In short, they remove any rules for their firewall.

With this post, I want to show you how easy it can be to do the right thing instead of putting your server at risk. I’ll show you how a slightly more complex setup like PXC (compared to MySQL), can be easily achieved without risky shortcuts.

iptables is the utility used to manage the chains of rules used by the Linux kernel firewall, which is your basic security tool.
Linux comes with a wonderful firewall built into the kernel. As an administrator, you can configure this firewall with interfaces like ipchains  — which we are not going to cover — and iptables, which we shall talk about.

iptables is …

Percona announces the GA release of Percona Server for MySQL 5.7.22-22 on on May 31, 2018. Download the latest version from the Percona web site or the Percona Software Repositories. You can also run Docker containers from the images in the Docker Hub repository.

Based on MySQL 5.7.22, including all the bug fixes in it, Percona Server for MySQL 5.7.22-22 is the current GA release in the Percona Server for MySQL 5.7 series. Percona …

The MariaDB Foundation is pleased to announce the availability of MariaDB 10.2.15, the latest stable release in the MariaDB 10.2 series, and MariaDB Connector/J 2.2.4, the latest stable release in the MariaDB Connector/J 2.2 series. See the release notes and changelogs for details. Download MariaDB 10.2.15 Release Notes Changelog What is MariaDB 10.2? MariaDB APT […]

The post MariaDB 10.2.15 and MariaDB Connector/J 2.2.4 now available appeared first on MariaDB.org.

Encryption is a very important form of security and It’s becoming a standard from a compliance perspective to ensure PCI, PII and HIPPA compliances. Encryption needs to be performed for Data at Rest, Data over Wire.

Data At Rest:

• Until 5.6, To encrypt the MySQL data files, Only disk level encryption possible (Gazzang, Luks)
• From 5.7.11 MySQL added a feature for tablespace encryption. Which encrypts only the …

The MariaDB Foundation is pleased to announce the availability of MariaDB 10.0.35, MariaDB Galera Cluster 5.5.60 as well as MariaDB Connector/C 3.0.4, all stable releases. See the release notes and changelogs for details. Download MariaDB 10.0.35 Release Notes Changelog What is MariaDB 10.0? MariaDB APT and YUM Repository Configuration Generator Download MariaDB Galera Cluster 5.5.60 […]

The post MariaDB 10.0.35, MariaDB Galera Cluster 5.5.60 and MariaDB Connector C 3.0.4 now available appeared first on MariaDB.org.

This blog post describes how to keep sensitive data secure on slave servers in a MySQL async replication setup.

Almost every web application has a sensitive data: passwords, SNN, credit cards, emails, etc. Splitting the database to secure and “public” parts allows for restricting user and application parts access to sensitive data.

Field encryption

This is based on MySQL encryption functions or on client-side encryption when the authorized user knows a secret, but encrypted data is distributed to all slaves.

• If possible, use hashes with a big enough salt, and do not store real sensitive …

We’re moving along at Percona Live 2018, and there are still packed and energetic talks after lunch.

My next session was with Andrew Regner, Production Engineer at Facebook. His talk was on securing access to Facebook’s databases.

Since the beginning, Facebook has used a conventional username/password to secure access to production MySQL instances. Over the last few years, they’ve been working on moving to x509 TLS client certificate authenticated connections. Given the many types of languages and systems at Facebook that use MySQL in some way, this required a massive amount of changes for a lot of teams.

This talk is both a technical overview of how their new solution works and hard-learned tricks for getting an entire company to change their underlying MySQL client libraries.

After his talk, …

Oracle MySQL 8.0 has been declared GA but a critical piece is missing … MySQL 8 is a fantastic release embedding the work of brilliant Oracle engineering. I will not detail all the great features of MySQL 8 as there are a lot of great presentations around it. https://mysqlserverteam.com/whats-new-in-mysql-8-0-generally-available/ One of my main concern regarding ...continue reading "A critical piece is missing for Oracle MySQL 8 (GA) …"

Percona announces the GA release of Percona Server for MySQL 5.7.21-21 on on April 24, 2018. Download the latest version from the Percona web site or the Percona Software Repositories. You can also run Docker containers from the images in the Docker Hub repository.

This version of Percona Server for MySQL 5.7.21 includes three new encryption features – Vault keyring plug-in, encryption for InnoDB general tablespaces, and encryption for binary log files.

These new capabilities, which allow companies to immediately …