April 18, 2014

Setting up MySQL SSL and secure connections

There are different articles on how to set up MySQL with SSL, but it’s sometimes difficult to end up with a good simple one. Usually, setting up MySQL SSL is not really a smooth process due to such factors as “it’s not your day”, something is broken apparently, or the documentation lies. I am going to […]

Secure passwords being insecure

If you follow the general advice to create secure passwords, the following ones seem to be secure, right? s11P$||!sh&2 pr0&!!ke0 3kj39|!381 The answer to the question is, “it depends on how you use them”. Notice that these passwords all contain multiple exclamation points and ampersands, which are normally special characters for your shell. The people […]

Advisory on Heartbleed (CVE-2014-0160) for Percona’s customers and users

Over the last few days, the Percona team has spent a lot of time evaluating the impact of the Heartbleed bug (CVE-2014-0160) for our customers and for the users of our software. We published a formal disclosure a few days ago. However, I thought a quick summary and some additional information would be good to […]

Heartbleed: Separating FAQ From FUD

If you’ve been following this blog (my colleague, David Busby, posted about it yesterday) or any tech news outlet in the past few days, you’ve probably seen some mention of the “Heartbleed” vulnerability in certain versions of the OpenSSL library. So what is ‘Heartbleed’, really? In short, Heartbleed is an information-leak issue. An attacker can […]

Database security: Why should you review yours?

Ah, database security… the black sheep of topics and something you would really rather not have to deal with, right? I mean surely all the fanfare and paranoia is reserved for the neck beards with tinfoil hats who live in their own D.I.Y Faraday cage … that must be it … it just has to […]

Percona Monitoring Plugins 1.1.3. Addressed CVE-2014-2569.

Percona is glad to announce the release of Percona Monitoring Plugins 1.1.3.
Changelog:
* Introduced more secure location of PHP script configs to harden a Cacti setup
* Addressed CVE-2014-2569
We have introduced a more secure location /etc/cacti/ for PHP script configs. Earlier, the only way was to keep .php.cnf configs inside of scripts/ folder […]

Hardening your Cacti setup

If you are using Percona Monitoring Plugins for Cacti, this article should be important to you. By default, the Cacti setup is closed to access from the Web. Here is an excerpt from /etc/httpd/conf.d/cacti.conf:

In order to access the Cacti web interface, you will most likely be changing this configuration. Commenting out Deny/Require statements will […]

Monitoring MySQL with MONyog

Monitoring MySQL and effectively managing it can be challenging. Identifying issues before they grow into performance problems that impact end users can be crucial. Knowing which tools to use, which key metrics to monitor, and how to resolve issues can be enormously important. When considering these facts, we at Percona decided to take steps to […]

Percona XtraDB Cluster 5.6 GA release now available

Percona is pleased to announce the first General Availability release of the leading open source High Availability solution for MySQL, Percona XtraDB Cluster 5.6 on January 30, 2014. Binaries are available from downloads area or from our software repositories. Percona XtraDB Cluster 5.6 Percona XtraDB Cluster 5.6 is an active/active cluster solution for High Availability (HA) MySQL […]

Beware of MySQL 5.6 server UUID when cloning slaves

The other day I was working on an issue where one of the slaves was showing unexpected lag. Interestingly, with only the IO thread running, the slave was doing significantly more IO compared to the rate at which the IO thread was fetching the binary log events from the master. I found this out […]