Since the early days of GreenSQL, many people have written us asking why exactly they should implement a database security solution if they have already hardened their web application and are using a web application firewall, like mod_security, or even a professional closed source web application firewall such as Imperva, Breach, or F5.

The answer is not as simple as you may think, and I’m not going to preach to you about the great advantages using GreenSQL in front of your MySQL or PostgreSQL Database.

I’m going to highlight a few obvious current situations which will help you see the full picture of your Database security needs.

What is the core of the company?

When you come right down to it, the Database, eventually, is the core of your company or organization. All the information that the company is built upon is located in the Database. Without it, your company or organization cannot …

2009 has been a big year for Tungsten. In January we had (barely) working replication for MySQL. It had some neat features like global IDs and event filters, but to be frank you needed imagination to see the real value. Since then, Tungsten has grown into a full-blown database clustering solution capable of handling a wide range of user problems. Here are just a few of the features we completed over the course of the year:

• Autonomic cluster management using business rules to implement auto-discovery of new databases, failover, and quick recovery from failures
  
• Built-in broadcast monitoring of databases and replicators
• Integrated backup and restore operations
  
• Pluggable replication management, proven by clustering implementations based on PostgreSQL Warm Standby and Londiste
  
• Multiple routing mechanisms to provide seamless failover and load balancing of SQL
…

Time keeps on moving and we’re now only one week from Christmas, when people spend time with their families and loved ones. But, that is in a week, today it is time for a new edition of Log Buffer, where we catch up on database blogs from across the world, starting with SQL Server.

SQL Server
Over at Less Than Dot Ted Krueger brings up the question of the good, the bad and the ugly of database design where he says “In my career I have seen the ugly and then the really ugly but I found on this particular implementation it could get even uglier.”

Over at Carpe Datum the question is …

One week and a whole lot of snow later, it is time for the 173rd edition of Log Buffer, the weekly review of database blogs. MySQL goes first this week.

MySQL

On the MySQL Performance Blog, Peter Zaitsev and his readers discuss the question, how many partitions can you have? In Peter’s opinion, ” . . . be careful with number of partitions you use. Creating unused partitions for future use may cost you.”

Also, Peter’s colleague Aleksandr Kuzminsky announces the release of xtrabackup-1.0, an “open source online …

GreenSQL- December 2, 2009

GreenSQL has just announced that version 1.2 of its database firewall will provide PostgreSQL databases with the same protection from SQL Injection already enjoyed by MySQL databases. GreenSQL version 1.2 is now available for download as Open Source software from the company’s website at http://www.greensql.net/download

PostgreSQL is a popular Open Source database in wide use by small to medium-sized businesses. Currently, there is no solution, either Open or Closed Source, that provides a database firewall for PostgreSQL databases. As a result, they may be vulnerable to SQL injection attacks, one of the most widespread ways for gaining access to sensitive information stored in a database and/or taking control of a host server.

SQL injection, widely used by criminals, tricks Web applications into providing protected information from a database by exploiting existing queries such as user …

Hello, and welcome to the 171st edition of Log Buffer, the weekly review of database blogs. Let’s get it going this week with . . . 

Oracle

Uwe Hesse, the Oracle Instructor look at result cache, another brilliant 11g new feature. He says, “There are many amazing New Features in the 11g version, one of them is the possibility to cache the result sets of statements, that access large tables but return relatively few rows. Think of it like automagically created materialized views inside the SGA.” Commenters contribute some thoughts on problems with result cache and latch contention.

Christian Antognini is, as …

The No-SQL tag really lumps together a lot of concepts that are in fact as distinct from eachother as they are from SQL/RDBMS.

An object store is not at all similar to Cassandra and Hypertable, which is not at all like an column store. And when looking at BigTable derivatives, it’s quite important to realise that Google actually does joins in middle layers or apps, so while BigTable does not have joins, the apps essentially do use them – I’ve heard it professed that denormalising everything might be a fab idea, but I don’t quite believe in that for all cases, just like I don’t believe in ditching the structured form of RDBMS being the solution.

SQL/RDBMS has had a few decades of dominance now, and has thus become the great “general purpose” tool. With the ascent of all the other tools, it’s definitely worthwhile to look at them, but also realise that each (inluding SQL based ones) have their place. Moving all your …

OpenSQLCamp was a huge success! Not many folks have blogged about what they learned there….if you missed it, all is not lost. We did take videos of most of the sessions (we only had 3 video cameras, and 4 rooms, and 2 sessions were not recorded).

All the videos have been processed, and I am working on uploading them to YouTube and filling in details for the video descriptions. Not all the videos are up right now….right now all the lightning talks are up.

• 
  
• All the lightning talks belowin one continuous video (just over 54 minutes total)
  
• The Graph Engine (Antony Curtis)
  
• …

If you haven’t seen it, Josh Berkus has a very concise way to look at the confusing mess that is database “clustering” from the point of view of three distinct types of users: transactional, analytic, and online. I think that using this kind of distinction could help keep discussions clear — I’ve seen a lot of conversations around clustering run off the rails due to disagreements about what clustering means. MySQL Cluster, for example, is a huge red herring for a lot of people, but it seems to be a difficult process to learn it well enough to decide. If we called it a clustering solution for transactional users, but not for analytic or online users, it might help a lot.

Related posts:

1. …

This is the 170th edition of Log Buffer, the weekly review of database blogs. Welcome. Let’s kick off this week with a double-helping of . . . 

SQL Server

There are lots of good technical posts this week. The SSIS Junkie has some observations and a straw poll on sort transform arbitration. He writes, “This post was prompted by a thread on the MSDN SSIS forum today where the poster was asking how he could replicate the behaviour of SSIS’s Sort transform using T-SQL, specifically he wanted to know how the Sort transform chooses what data to pass through when the ‘Remove Duplicates’ option is checked.”

Another poll, …