'Security' Tag

  • Baffling 5.7 global/status variables issues, unclean migration path

    August 7, 2015

    MySQL 5.7 introduces a change in the way we query for global variables and status variables: the INFORMATION_SCHEMA.(GLOBAL|SESSION)_(VARIABLES|STATUS) tables are now deprecated and empty. Instead, we are to use the respective performance_schema.(global|session)_(variables|status) tables. But the change goes farther than that; there is also a security change. Oracle created a pitfall of 2 changes at the same time: […]

  • Get per-object grants via common_schema

    September 29, 2014

    Did you know common_schema supports a complete breakdown of all accounts on your database server? It can provide you with the GRANT statements required to set up an account, the REVOKE statements to undo the former, and this can be broken down on a per-object & per-object-type basis. Consider the sql_grants view: Find who has […]

  • Some MySQL security tips

    July 28, 2014

    This is a brief list of security tips for MySQL. It is by no means complete. Follow the sudo example. Don't let all your DBAs and Ops have the password for the root account. Have each and every one of them have their own personal super-duper account, with their own personal and private password. This […]

  • Introducing audit_login: simple MySQL login logfile based auditing

    September 17, 2013

    audit_login is a simple MySQL login auditing plugin, logging any login or login attempt to a log file in JSON format. It seems that audit plugins are all the rage lately... We've developed our simple plugin a month ago as part of our database securing efforts; by auditing any login or login attempt we could either […]

  • MySQL security top wish list

    August 29, 2013

    Security seems to have no boundaries. I've been tightening our database security lately, and it seems like this could go on forever: from app to console to privileges to server, there are so many aspects to managing database security. Unfortunately, this is a field where MySQL is particularly weak, and with very little work […]

  • MySQL security tasks easily solved with common_schema

    January 17, 2013

    Here are three security tasks I handled, which I'm happy to say were easily solved with common_schema's views and routines (with no prior planning). Two are so easy, that I actually now integrated them into common_schema 1.3: Duplicate a user (create new user with same privileges as another's) Find users with identical set of grants […]

  • common_schema: 1.3: security goodies, parameterized split(), json-to-xml, query checksum

    January 14, 2013

    common_schema 1.3 is released and is available for download. New and noteworthy in this version: Parameterized split(): take further control over huge transactions by breaking them down into smaller chunks, now manually tunable if needed duplicate_grantee(): copy+paste existing accounts along with their full set of privileges similar_grants: find which accounts share the exact same set […]

  • common_schema 1.2: security, partition management, processes, QueryScript goodies

    November 13, 2012

    common_schema 1.2 is released! This version comes shortly after 1.1, yet contains quite a few interesting goodies: Account blocking Security audit RANGE partition management Slave status Better blocking and idle transaction management QueryScript goodies: echo, report while-otherwise statement; foreach-otherwise statement Better variable scope handling Complete support for variable expansion Transaction support within QueryScript More summary […]

  • common_schema rev. 68: eval(), processlist_grantees, candidate_keys, easter_day()

    September 6, 2011

    Revision 68 of common_schema is out, and includes some interesting features: eval(): Evaluates the queries generated by a given query match_grantee(): Match an existing account based on user+host processlist_grantees: Assigning of GRANTEEs for connected processes candidate_keys: Listing of prioritized candidate keys: keys which are UNIQUE, by order of best-use. easter_day(): Returns DATE of easter day […]

  • Finding CURRENT_USER for any user

    August 9, 2011

    A MySQL account is a user/host combination. A MySQL connection is done by a user connecting from some host. However, the user/host from which the connection is made are not the same as the user/host as specified in the account. For example, the account may be created thus: CREATE USER 'temp'@'10.0.0.%' IDENTIFIED BY '123456'; The […]
