April 20, 2014

MySQL Security Webinar: Follow-up Q&A

Thanks to everyone who attended last week’s webinar on MySQL security; hopefully you’ve all gone out and set SELinux to enforcing mode if you weren’t already running that way. If you weren’t able to attend, the recording and slides are available for viewing/download. But now, without further ado, here are the questions which we didn’t […]

MySQL Security: Armoring Your Dolphin

My colleague and teammate Ernie Souhrada will be presenting a webinar on Wednesday, August 21, 2013 at 10 a.m. PDT titled “MySQL Security: Armoring Your Dolphin.” This is a popular topic with news breaking routinely that yet another Internet company has leaked private data of one form or another. Ernie’s webinar will be a great […]

Percona response to recent MySQL security bugs

Recently there have been discussions on several vulnerabilities in MySQL and closely related projects such as MariaDB and Percona Server. Usually we have inherited security fixes from MySQL when we have updated Percona Server to be based off a new Oracle MySQL release. In this case however, Oracle has been incredibly quiet. We’ve been examining […]

Clarification on MySQL security vulnerability

Contrary to initial reports here and here, further investigation has revealed that under some specific and limited circumstances, Percona Server and Percona XtraDB Cluster binaries, similar to other MySQL variants, are susceptible to the security vulnerability in MySQL/MariaDB sql/password.c: 64bit Ubuntu Oneiric (11.10) binaries are vulnerable in Percona Server ONLY on some hardware/virtualization platforms (confirmed […]

MySQL 5.6 security vs ease of use

MySQL 5.6 surely changes the game when it comes to security vs ease of use. Before MySQL 5.6 we would get default MySQL installation being pretty insecure – the user “root” will be created with no password as well as anonymous user with limited access from local host (though still enough to cause DOS attack […]

Security fixes for MySQL 4.0 and 4.1

In Percona Server security fix releases I mentioned patches for MySQL 4.0 and 4.1. I am happy to announce that GoDaddy.com released patches for MySQL 4.0 and MySQL 4.1 under GPL license and you can get them from our Launchpad: for 4.0: lp:~percona-dev/percona-patches/4.0.30 ( or https://launchpad.net/~percona-dev/percona-patches/4.0.30 ) for 4.1: lp:~percona-dev/percona-patches/4.1.24 ( or https://launchpad.net/~percona-dev/percona-patches/4.1.24) Fixed bugs: […]

Database security: Why should you review yours?

Ah database security… the black sheep of topics and something you would really rather not have to deal with right? I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats whom live in their own D.I.Y Faraday cage … that must be it … it just has to […]

How to avoid common (but deadly) MySQL development mistakes

MySQL software developers are under pressure to do more in less time and create applications that adapt to ever-changing requirements. And it’s true that some of a developer’s time is wasted when his or her method of optimizing involves trying every combination of code and index definition. There is a better way. And next Wednesday […]

Oracle’s Morgan Tocker opens up about MySQL development, MySQL 5.7

Today’s post features an interview with Morgan Tocker, MySQL community manager at Oracle. Morgan is an old friend of Percona, having worked here as director of MySQL training from 2009 to 2011. He’s also done stints at MySQL, Sun Microsystems and InPowered. You can follow his adventures at his blog, “Master MySQL.”  You can also […]

Generating test data for MySQL tables

One of the common tasks requested by our support customers is to optimize slow queries. We normally ask for the table structure(s), the problematic query and sample data to be able to reproduce the problem and resolve it by modifying the query, table structure, or global/session variables. Sometimes, we are given access to the server […]