Showing entries 391 to 400 of 511
Displaying posts with tag: Security
Using SSL with MySQL

Since MySQL 4.0 it's possible to use SSL to secure the connections to MySQL. Unfortunately this is not used very often.

It can be used for client-server connections and for replication. It will encrypt your traffic and prevent man-in-the-middle attacks if you're using ssl-verify-server-cert when connecting using mysql.

Securing database communication can be required to be compliant with some regulations.

There are other means of preventing anyone from snooping your database traffic like VPN, SSH Tunneling or stunnel.

As usual the documentation is quite good. The only issue with the docs is that the verification step is missing. (Bug …

Do you use PHPMyAdmin?

If so, then where is it installed on your publicly accessible website? If the location is where the documentation states not to put it, or in other popular locations, then you can easily become open to an attack. The following are Apache logs of a simple hacker test to find a potential security hole on a new public IP address for a client.

My advice is never have PHPMyAdmin accessible by default. You should use HTTP authentication, firewall rules and additional security practices all to protect any level of access to your data.

78.111.81.180 - - [02/Feb/2011:05:29:24 -0500] "GET //phpmyadmin/ HTTP/1.1" 401 290 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
78.111.81.180 - - [02/Feb/2011:05:29:24 -0500] "GET //phpMyAdmin/ HTTP/1.1" 401 290 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
78.111.81.180 - - [02/Feb/2011:05:29:24 -0500] "GET //pma/ HTTP/1.1" 401 290 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
78.111.81.180 - - …
Tech Messages | 2011-01-08

A special extended edition of Tech Messages for 2011-01-07 through 2011-01-08:

Why clouds and web services will continue to take over computing

Series

What are the chances for a free software cloud?

Developer Week in Review

If you live in the U.S., this is the week to gorge on turkey. I wondered out loud last night to my wife if Thanksgiving is the day of the year when the most people eat the same meal. Can any of our overseas readers add to the conversation? Is there a holiday in your country where everyone eats pretty much the same thing? Anyway, before American brains shut down from an overdose of stuffing, here's some developer news you can use.

Oracle announces Plan B for Java

The Java language has continued to evolve over the years, adding features such as Generics. There's an ambitious wishlist of things that developers would like to see in Java 7, but apparently not enough time to do it all and still get a timely release out. As a result, the JCP has decided to forego some of the goodies until Java 8, which is not expected to grace the world until late 2012.

Log Buffer #206, A Carnival of the Vanities for DBAs

Welcome to , the weekly news blog about blogs in the datasphere… As we kick off , our own shares a few of her weekly favorites:

Oracle:

Arup Nanda posted an excellent script on how to summarize backup information from the rman catalog. He also posted a tool for automatically purging time-based partitions.

Pythian’s resident Exadata expert, Marc Fielding posted links to the …

Transparent query layer for MySQL

The biggest challenges of today's web development are performance, scalability, rapid development and maintainability of the source code. Usually one quickly settles on abstraction models such as MVC, which poorly cover the above-mentioned requirements for today's development. Since my main concern is scalable and secure code, I've developed my own model, which solves the needs better. Below I will explain the model and refer to my SQL class that implements this model.


Securich 0.3.0

Around these days last year I presented `securich` for the first time. It was at FrOSCon 2009, barely knowing anybody, spending my 27th birthday in a hostel in Germany fixing some bugs before the actual presentation on a 10 inch netbook (my mac had some problems at the time but that's another story :)). I got a beating, verbally of course! Many of the people listening to the presentation were expecting something else since another presentation was supposed to be running at that time, some even started dozing off (encouraging? not really hehe) but after a few minutes people started getting interested and asking all kinds of questions. “This is awesome” I thought to myself, “questions are good, it means people are understanding and want to know more”, but the more they learnt the more they realised how young securich was as a tool, lacking fundamental features like …

On HTML Sanitization, What, Why, How

This is a very good article discussing the different HTML Sanitizers available in the PHP community, what they mean, and the general state of things. Even the WordPress sanitizer (Kses) is included in this review. I really recommend you read this before you start building your own mini cms.

MySQL University: Securich - Security Plugin for MySQL (rerun)

This Thursday (June 10th, 14:00 UTC), Darren Cassar will rerun his February 25 presentation of Securich - Security Plugin for MySQL. (Recording of the session failed in February; hopefully it will succeed this time.) According to Darren, the author of the plugin, Securich is an incredibly handy and versatile tool for managing user privileges on MySQL through the use of roles. It basically makes granting and revoking rights a piece of cake, not to mention added security it provides through password expiry and password history, the customization level it permits, the fact that it runs on any MySQL 5.0 or later and it's easily deployable on any official MySQL binary, platform independent.
More information here: …
