The news that the latest MySQL 8.0.4 RC (release candidate) is available is indeed exciting. Unfortunately for users of the auth_socket plugin, dangers lie in wait!
Back in November 2015, I reported Failure of auth_socket authentication with sha256_password as default. This prevents users that identify with the
auth_socket
plugin from logging in after SHA256 authentication has been made the default authentication method. With the …
[Read more]Starting with the MySQL Community 8.0.4-RC we are unifying on OpenSSL as the default TLS/SSL library for both MySQL Enterprise Edition and MySQL Community Edition. Previously, MySQL Community Edition used YaSSL.
Why make this change?
…
In this blog post, we’ll look at the performance hit from the Spectre bug fix on Ubuntu.
Recently we measured the performance penalty from the Meltdown fix on Ubuntu servers. It turned out to be negligible.
Today, Ubuntu made a Spectre bug fix on Ubuntu available, shipped in kernel 4.4.0-112. As with the Meltdown fix, we measured the effect of this update. Unfortunately, we observed a major performance penalty on MySQL workloads with this new kernel.
Our benchmark used the following:
System:
The MariaDB project is pleased to announce the immediate availability of MariaDB 5.5.59. This is a stable (GA) release. See the release notes and changelog for details. Download MariaDB 5.5.59 Release Notes Changelog What is MariaDB 5.5? MariaDB APT and YUM Repository Configuration Generator Thanks, and enjoy MariaDB!
The post MariaDB 5.5.59 now available appeared first on MariaDB.org.
In this blog post, we’ll look at does the Meltdown fix affect performance for MySQL on bare metal servers.
Since the news about the Meltdown bug, there were a lot of reports on the performance hit from proposed fixes. We have looked at how the fix affects MySQL (Percona Server for MySQL) under a sysbench workload.
In this case, we used bare metal boxes with the following specifications:
Please note, the current kernel for Ubuntu 16.04 contains only a Meltdown fix, …
[Read more]In this blog post, we’ll look at ProxySQL firewalling (how to use ProxySQL as a firewall).
Not long ago we had an internal discussion about security, and how to enforce a stricter set of rules to prevent malicious acts and block other undesired queries. ProxySQL came up as a possible tool that could help us in achieving what we were looking for. Last year I wrote about how to use ProxySQL to stop a single query.
That approach may be good for few queries and as a temporary solution. But what can we do when we really want to use ProxySQL as an SQL-based firewall? And more importantly, how to do it right?
First of all, let us define what “right” can be in this context. …
[Read more]In this blog post, we examine the recent revelations about CPU security vulnerabilities.
The beginning of the new year also brings to light fresh and new CPU security vulnerabilities. Today’s big offenders originate on the hardware side – more specifically, the CPU. The reported hardware kernel bugs allow for direct access to data held in the computer/server’s memory, which in turn might leak sensitive data. Some of the most popular CPUs affected by these bugs are Intel, AMD and ARM.
The most important thing to know is that this vulnerability is not exploitable remotely, and requires that someone execute the malicious code locally. However, take extra precaution when running in virtualized environments (see below for more information).
A full overview (including a technical, in-depth …
[Read more]In this blog, we’ll look at how the hidepid options for /proc and Percona XtraDB Cluster can fight with one another.
One of the things I like about consulting at Percona is the opportunity to be exposed to unusual problems. I recently worked with a customer having issues getting SST to work with Percona XtraDB Cluster. A simple problem you would think. After four hours of debugging, my general feeling was that nothing made sense.
I added a bash trace to the SST script and it claimed MySQL died prematurely:
[ -n '' ]] + ps -p 11244 + wsrep_log_error 'Parent mysqld process (PID:11244) terminated unexpectedly.' + wsrep_log '[ERROR] Parent mysqld process (PID:11244) terminated unexpectedly.' ++ date '+%Y-%m-%d %H:%M:%S' + local readonly 'tst=2017-11-28 22:02:46'
At the same time, from the MySQL error log MySQL was …
[Read more]If that title looks familiar, it is because a few months ago I posted about LDAP with auth_pam and PHP to authenticate against MySQL.
The good news is that recompiling the connector for Python is a lot easier than for PHP. With PHP, the complexity was due to there being one monolithic package to recompile. The bad news is that there is a slight hitch with Python.
Skip down to the hitch and how to compile MySQLdb for use with auth_pam plugin.
As a quick reminder, here is a repeat of the background:
Background
There are two plugins that can be used. From the documentation, the two plugins are:
Notes/errata/updates for Chapter 9:
See the official book errata at http://tahaghoghi.com/LearningMySQL/errata.php –
Chapter 9 includes pages 297 – 350.
In the fourth paragraph of this chapter, starting with “Most applications don’t need superuser privileges for day-to-day activities” they give you some reasons why you want to create users without the SUPER privilege. There are better reasons than the book gives, which are at the MySQL Manual page for the SUPER privilege.
In the section “Creating and Using New Users” (p. 300) they say “There’s no limit on password length, but we recommend using eight or fewer characters because this avoids problems with system libraries on some platforms.” You should ignore this, this book …
[Read more]
