This document summarizes a presentation on MariaDB/MySQL security essentials. The presentation covered historically insecure default configurations, privilege escalation vulnerabilities, and access control best practices such as limiting privileges to what each account actually needs and removing unnecessary accounts. It also discussed transport and authentication options such as SSL/TLS, PAM and Kerberos, along with audit plugins. Encryption at the table, tablespace and binary log level was explained as well, and the talk closed with preventing SQL injection and a survey of available security assessment tools.
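The account-hygiene, authentication, audit and encryption points above as one worked hardening pass. This is an added MariaDB 10.1-style SQL script, not material from the deck: the database name shop, the accounts shop_app, shop_report and alice, the 10.0.% application subnet, the PAM service name mariadb, and encryption key id 2 are illustrative assumptions, and the at-rest encryption statements assume a key-management plugin (for example file_key_management) is already loaded with keys 1 and 2 defined.

```sql
-- Added example (not from the deck). MariaDB syntax; names and hosts are assumptions.

-- 1. Find what a default install left behind: anonymous accounts, accounts
--    reachable from any host, and accounts with no credential at all.
--    (Password/plugin are the MariaDB mysql.user column names.)
SELECT User, Host
  FROM mysql.user
 WHERE User = ''
    OR Host = '%'
    OR (Password = '' AND plugin = '');

-- 2. Remove them, and the sample database that anonymous users could reach.
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS ''@'127.0.0.1';
DROP DATABASE IF EXISTS test;

-- 3. Least privilege: the application gets only the DML it needs, only from
--    the application subnet, and only over TLS. Nothing is granted on *.*.
CREATE USER 'shop_app'@'10.0.%' IDENTIFIED BY 'use-a-long-random-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'shop_app'@'10.0.%'
  REQUIRE SSL;

-- A read-only reporting account, rate-limited so a leaked credential cannot
-- be used to hammer the server.
CREATE USER 'shop_report'@'10.0.%' IDENTIFIED BY 'another-long-random-secret';
GRANT SELECT ON shop.* TO 'shop_report'@'10.0.%'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5;

-- 4. Human administrators authenticate through the OS (PAM plugin) instead of
--    a password stored in the database. 'mariadb' is the assumed PAM service
--    name configured under /etc/pam.d/.
INSTALL SONAME 'auth_pam';
CREATE USER 'alice'@'localhost' IDENTIFIED VIA pam USING 'mariadb';
GRANT ALL PRIVILEGES ON shop.* TO 'alice'@'localhost';  -- no GRANT OPTION, no *.*

-- 5. Audit connections plus schema and privilege changes.
INSTALL SONAME 'server_audit';
SET GLOBAL server_audit_events  = 'CONNECT,QUERY_DDL,QUERY_DCL';
SET GLOBAL server_audit_logging = ON;

-- 6. Encryption at rest (MariaDB 10.1+). innodb_encrypt_tables is dynamic;
--    innodb_encrypt_log, encrypt_binlog and encrypt_tmp_files are startup-only
--    and belong in my.cnf next to plugin-load-add=file_key_management.
SET GLOBAL innodb_encrypt_tables     = ON;  -- new/rebuilt InnoDB tables use key 1
SET GLOBAL innodb_encryption_threads = 4;   -- background threads encrypt existing tables

-- A table holding sensitive data pinned to its own key (key 2 must exist in
-- the key file, an assumption of this example).
CREATE TABLE shop.card_tokens (
  id    BIGINT PRIMARY KEY,
  token VARBINARY(64) NOT NULL
) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2;

-- 7. Verify what the server will actually enforce, not what the script intended.
SHOW GRANTS FOR 'shop_app'@'10.0.%';
SELECT NAME, ENCRYPTION_SCHEME, CURRENT_KEY_ID
  FROM information_schema.INNODB_TABLESPACES_ENCRYPTION
 WHERE NAME = 'shop/card_tokens';
```

Run it from a privileged account on a test instance first. The two checks at the end are the part worth keeping in a runbook: SHOW GRANTS prints the effective privilege set including the REQUIRE SSL clause, and the INNODB_TABLESPACES_ENCRYPTION row confirms the table really is encrypted with the intended key rather than silently falling back to plaintext because the key plugin was not loaded.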
Presented at the MySQL Chicago Meetup in August 2016. The focus of the talk is on backups and verification, replication and failover, as well as security and encryption.
Best practices for MySQL/MariaDB Server/Percona Server High Availability
Best practices for MySQL/MariaDB Server/Percona Server High Availability - presented at Percona Live Amsterdam 2016. The focus is on picking the right High Availability solution, discussing replication, handling failure (yes, you can achieve a quick automatic failover), proxies (there are plenty), HA in the cloud/geographical redundancy, sharding solutions, how newer versions of MySQL help you, and what to watch for next.
Presented at Percona Live Amsterdam 2016, this is an in-depth look at MariaDB Server up to and including MariaDB Server 10.1: what differs from MySQL, and what MySQL already offers.
This document discusses MariaDB plugins and provides examples of several useful plugins, including authentication plugins, password validation plugins, SQL error logging, audit logging, query analysis, and more. It encourages contributing plugins to help extend MariaDB's functionality.
An introduction to MongoDB from an experienced MySQL user and developer. There are differences, and we go through the What/Why/Who/Where of MongoDB, the "similarities" to the MySQL world like storage engines, how replication is a little more interesting with built-in sharding and automatic failover, backups, monitoring, DBaaS, going to production, and finding more resources.
MySQL features missing in MariaDB Server. Here's an overview from the New York developer's Unconference in February 2018. This is primarily aimed at the developers, to decide what goes into MariaDB 10.4, as opposed to users.
High level comparisons are made between MySQL 5.6/5.7 and, of course, MySQL 8.0. Here's to ensuring MariaDB Server 10.3/10.4 has more "drop-in" compatibility.
MariaDB Server Compatibility with MySQL
At the MariaDB Server Developer's meeting in Amsterdam, Oct 8 2016. This was the deck to talk about what MariaDB Server 10.1/10.2 might be missing from MySQL versions up to 5.7. The focus is on compatibility of MariaDB Server with MySQL.
Failure happens, and we can learn from it. We need to think about backups, but also verification of them. We should definitely make use of replication and think about automatic failover. And security is key, but don't forget that encryption is now available in MySQL, Percona Server and MariaDB Server.
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
This document discusses MySQL proxy technologies including MySQL Router, ProxySQL, and MariaDB MaxScale. It provides an overview of each technology, including when they were released, key features, and comparisons between them. ProxySQL is highlighted as a popular option currently with integration with Percona tools, while MySQL Router may become more widely used due to its support for MySQL InnoDB Cluster. MariaDB MaxScale is noted for its binlog routing capabilities. Overall the document aims to help people understand and choose between the different MySQL proxy options.
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
This document provides an overview and summary of MariaDB 10 features presented by Ivan Zoratti. It discusses new features in MariaDB 10 like storage engines, administration improvements, and replication capabilities. The document also summarizes optimization enhancements in MariaDB 10 like the new optimizer, improved indexing techniques, and subquery optimizations. Various agenda topics are outlined for the MariaDB 10 tutorial.
MariaDB started life in 2009 as a database to host the Maria storage engine. Not long after its inception, the MySQL community went through yet another change in ownership, and it was decided that MariaDB would be a complete database branch developed to extend MySQL, with constant merging of upstream changes.
The goal of the MariaDB project is to ensure that everyone is part of the community, including employees of the major steering companies. MariaDB also carries additional features, some of which it shares with Percona Performance Server. Most importantly, MariaDB is a drop-in replacement that is backward compatible with MySQL. In 2010, MariaDB released 5.1 in February and 5.2 in November: two major releases within a single calendar year.
DBAs and developers alike will gain an introduction to MariaDB, how it differs from MySQL, how to make use of the feature enhancements, and more.
The Complete MariaDB Server Tutorial - Percona Live 2015
The document provides an overview of the Complete MariaDB Server Tutorial presentation. It introduces MariaDB and discusses what it is, its goals of being compatible with MySQL and having stable releases. It also covers MariaDB architecture, installation, utilities, and storage engines.
Differences between MariaDB 10.3 & MySQL 8.0
MySQL and MariaDB are becoming more divergent. Learn what is different at a high level. It is also a good idea to ensure that you use the right database for the job.
The MySQL ecosystem - understanding it, not running away from it!
You're a busy DBA thinking about having to maintain a mix of these. Or you're a CIO planning to choose one branch over another. How do you go about picking? Supporting multiple databases? Find out more in this talk. Also covered is a deep dive into the feature differences between MySQL, Percona Server and MariaDB Server. Within 20 minutes, you'll leave informed and knowledgeable about what to pick.
A base blog post to get started: https://www.percona.com/blog/2017/11/02/mysql-vs-mariadb-reality-check/
MariaDB: in-depth (hands on training in Seoul)
MariaDB is a community-developed fork of MySQL that aims to be a drop-in replacement. It focuses on being compatible, stable with no regressions, and feature-enhanced compared to MySQL. The presentation covered MariaDB's architecture including connections, query caching, storage engines, and tools for administration and development like mysql, mysqldump, and EXPLAIN.
Forking Successfully - or is a branch better?
Forking successfully, or do you think a branch will work better? Learn from history, see what's current, and so on. Presented at OSCON London 2016. This is forking beyond the GitHub generation, and if you're going to do it, some tips on how you could be successful.
The document summarizes the history and current state of the MySQL database server ecosystem. It discusses the origins and development of MySQL, MariaDB, Percona Server, and other related projects. It also describes some of the key features and innovations in recent versions of these database servers. The ecosystem is very active with contributions from many organizations and the future remains promising with ongoing work.
Otto Kekäläinen - Forking in Open Source: Case Study of MySQL/MariaDB - Mindt...
This document discusses the forking of open source software, using MySQL and MariaDB as a case study. It describes how MariaDB was forked from MySQL in 2009 after Oracle acquired Sun Microsystems, which had bought MySQL AB in 2008. This was done to ensure the continued open development of MySQL. Since then, MariaDB has grown into a successful open source database with a large community and adoption by organizations like Wikipedia. The document outlines the open development practices of MariaDB and how forking can both influence a project and ensure its long term success and viability.
The document describes how to undelete rows from MySQL binary logs without doing a full point-in-time recovery. It shows deleting a row from a table, finding the delete event in the binary log, decoding the event, rebuilding it as a write event, and replaying it to undo the delete. Because the rebuilt write event needs the full row image, this only works with row-based binary logging. It allows quickly undeleting rows by manipulating the binary log directly rather than doing a slow full restore.
Lessons from {distributed,remote,virtual} communities and companies
A last minute talk for the people at DevOps Amsterdam, happening around the same time as O'Reilly Velocity Amsterdam 2016. Here are lessons one can learn from distributed/remote/virtual communities and companies from someone that has spent a long time being remote and distributed.
The document discusses geobased augmented reality content management in the cloud. It provides examples of augmentations created by HOPPALA including Hoppala Goes Easter 3D, Woombamania 3D, and a virtual public art project along the Berlin Wall. It also outlines the native development and browser architecture used to display augmentations, and provides examples of augmentation metadata formats.
This was a short 25 minute talk, but we go into a bit of a history of MySQL, how the branches and forks appeared, what's sticking around today (branch? Percona Server. Fork? MariaDB Server). What should you use? Think about what you need today and what the roadmap holds.
Simple tips to improve Server Security
It is essential to secure your servers both from outside attackers and from the customers using the server. This session shows some basic methods for protecting your server(s).
Pulkit Gupta, CEO & Chief Architect, Softaculous
(Stephane Maarek, DataCumulus) Kafka Summit SF 2018
Security in Kafka is a cornerstone of true enterprise production-ready deployment: It enables companies to control access to the cluster and limit risks in data corruption and unwanted operations. Understanding how to use security in Kafka and exploiting its capabilities can be complex, especially as the documentation that is available is aimed at people with substantial existing knowledge on the matter.
This talk will be delivered in a “hero journey” fashion, tracing the experience of an engineer with basic understanding of Kafka who is tasked with securing a Kafka cluster. Along the way, I will illustrate the benefits and implications of various mechanisms and provide some real-world tips on how users can simplify security management.
Attendees of this talk will learn about aspects of security in Kafka, including:
- Encryption: What is SSL, what problems it solves and how Kafka leverages it. We’ll discuss encryption in flight vs. encryption at rest.
- Authentication: Without authentication, anyone would be able to write to any topic in a Kafka cluster, do anything and remain anonymous. We’ll explore the available authentication mechanisms and their suitability for different types of deployment, including mutual SSL authentication, SASL/GSSAPI, SASL/SCRAM and SASL/PLAIN.
- Authorization: How ACLs work in Kafka, ZooKeeper security (risks and mitigations) and how to manage ACLs at scale
This document discusses Kafka security and provides tips for implementing it. It covers the three main aspects of Kafka security: encryption, authentication, and authorization. For encryption, it explains how to set up SSL and discusses options for end-to-end encryption. Authentication details how to use SSL client authentication or SASL mechanisms like Kerberos or PLAIN. Authorization explains managing access control lists (ACLs) stored in ZooKeeper to control access. The document concludes by emphasizing the challenges of securing Kafka clients and provides advice like creating standardized client wrappers and Docker images.
MySQL is the most popular database on the web, but how do you keep your data safe as it is virtualized, containerized, put into the cloud, replicated, and sharded out to servers over which DBAs have minimal actual control?
The importance of security in 2013, with more websites getting hacked daily and penetration testing being one of the most requested IT jobs.
Developers need to know how to secure their applications against threats like SQL injection, cross-site scripting, weak passwords, and brute-force or dictionary attacks.
Hi! Ho! Hi! Ho! SQL Server on Linux We Go! - SolarWinds
SQL Server has been running on Windows for years. Now Microsoft is making it available on Linux to provide a consistent database platform across Windows and Linux servers, on-premises and in the cloud. In this presentation, Janis Griffin, database performance evangelist at SolarWinds, discusses the advantages of using SQL Server on Linux, comparing architecture, cost and performance.
This document provides tips and best practices for staying sane as a Drupal developer. It discusses that 80% of building Drupal sites is configuration, while the remaining 20% requires customization. It emphasizes using Drupal APIs and hooks, playing well with contributed modules, and following coding standards and best practices like version control, automated testing and deployment, and documentation.
This document discusses database security and best practices for securing MySQL databases. It covers common database vulnerabilities like poor configurations, weak authentication, lack of encryption, and improper credential management. It also discusses database attacks like SQL injection and brute force attacks. The document provides recommendations for database administrators to properly configure access controls, encryption, auditing, backups and monitoring to harden MySQL databases.
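The SQL injection risk raised in the last few abstracts, shown inside the database itself as an added example (not code from any of the decks): a MariaDB/MySQL stored procedure that splices caller input into dynamic SQL beside one that binds it as a parameter. The customers table, its two rows and the procedure names are constructed for the demonstration.

```sql
-- Added example (not from the decks). Table, rows and procedure names are constructed.
CREATE TABLE customers (
  id    INT PRIMARY KEY,
  name  VARCHAR(64)  NOT NULL,
  email VARCHAR(128) NOT NULL
);
INSERT INTO customers VALUES
  (1, 'alice', 'alice@example.org'),
  (2, 'bob',   'bob@example.org');

DELIMITER //

-- VULNERABLE: the caller's string becomes part of the statement text, so
-- quote characters in it are parsed as SQL.
CREATE PROCEDURE find_customer_unsafe(IN p_name VARCHAR(64))
BEGIN
  SET @sql = CONCAT('SELECT id, email FROM customers WHERE name = ''', p_name, '''');
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END //

-- HARDENED: the statement text is a constant; the value travels as a bound
-- parameter and is never parsed, whatever characters it contains.
CREATE PROCEDURE find_customer_safe(IN p_name VARCHAR(64))
BEGIN
  SET @name = p_name;
  PREPARE stmt FROM 'SELECT id, email FROM customers WHERE name = ?';
  EXECUTE stmt USING @name;
  DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- Normal use: both return the single row for alice.
CALL find_customer_unsafe('alice');
CALL find_customer_safe('alice');

-- Attack input: closes the quoted literal and appends an always-true condition.
-- The doubled quotes are SQL escaping; the value is   x' OR '1'='1
SET @payload = 'x'' OR ''1''=''1';

-- Unsafe: runs  ... WHERE name = 'x' OR '1'='1'  and returns every customer.
CALL find_customer_unsafe(@payload);

-- Safe: looks for a customer literally named  x' OR '1'='1  and returns no rows.
CALL find_customer_safe(@payload);
```

Both procedures behave identically on a well-formed name, which is why the unsafe form survives testing. Binding the parameter fixes the parsing problem; the privileges granted to the application account still decide how much damage any remaining mistake can do, so the two controls belong together.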
The Spy Who Loathed Me - An Intro to SQL Server Security
You have lots of data you have painstakingly collected over the years. How do you ensure that data is protected from hackers, spies and other ne’er-do-wells? Understanding the vast array of security features available in SQL Server is the first step in helping you determine what actions you need to take now to protect your data.
Fonts used: SkyFall Done, Calibri
Better encryption & security with MariaDB 10.1 & MySQL 5.7 - Colin Charles
Talking about the improvements in MariaDB Server and MySQL security and encryption features, which matter so much in today's data landscape. Presented at: http://www.meetup.com/EffectiveMySQL/events/224828891/
Having spent more than the last decade as the main point of contact for distributions shipping MySQL, then MariaDB Server, it's clear that working with distributions has many challenges. Licensing changes (when MySQL moved the client libraries from LGPL to GPL with a FOSS Exception), ABI changes, the speed (or lack thereof) of distribution releases and freezes, supporting the software throughout the lifespan of the distribution, platform-specific bugs, and a lot more will be discussed in this talk. Let's not forget the politics. How do we decide "tiers" of importance for distributions? As a bonus, there will be a focus on how much effort it took to "replace" MySQL with MariaDB.
Benefits: if you're making a distribution, this is the point of view of the upstream package makers. Why are distribution statistics important to us? Do we monitor your bug system, or do you have a better escalation path to us? How do we test to make sure things are going well before release? This and more will be spoken about.
As an upstream project (package), we love nothing more than being available everywhere. But time and energy goes into making this so, as there are quirks in every distribution.
Today you can use hosted MySQL/MariaDB/Percona Server from several cloud providers as a service, a database as a service (DBaaS). You can also use hosted PostgreSQL and MongoDB through various service providers. Learn the differences, the access methods, and the level of control you have for the various public cloud offerings:
- Amazon RDS for MySQL and PostgreSQL
- Google Cloud SQL
- Rackspace OpenStack DBaaS
- The likes of compose.io, MongoLab and Rackspace's offerings around MongoDB
The administration tools and ideologies behind it are completely different, and you are in a "locked-down" environment. Some considerations include:
* Different backup strategies
* Planning for multiple data centres for availability
* Where do you host your application?
* How do you get the most performance out of the solution?
* What does this all cost?
Growth topics include:
* How do you move from one DBaaS to another?
* How do you move all this from DBaaS to your own hosted platform?
Questions like these will be demystified in the talk. It will benefit experienced database administrators (DBAs) who now also have to deal with cloud deployments, as well as application developers in startups that have to rely on "managed services" without a DBA on hand.
The document discusses security models in Apache Kafka. It describes the PLAINTEXT, SSL, SASL_PLAINTEXT and SASL_SSL security models, covering authentication, authorization, and encryption capabilities. It also provides tips on troubleshooting security issues, including enabling debug logs, and common errors seen with Kafka security.
Buckle up, join Christoph and get ready to learn 50 tips and tricks you can implement right away to improve your IBM Connections environment. Your users will thank you as they too benefit from this best practice list gathered from real-world projects while deploying and administering IBM Connections On-premises. Walk away with knowledge covering anything from Cognos integration, docs, CCM and Forms Experience Builder to the back end and DB2, TDI and SSO.
Gábor Hojtsy presented on Drupal security at Drupalcamp Bratislava. He discussed the top security risks for Drupal sites like insecure server configurations, weak passwords, and cross-site scripting vulnerabilities. Hojtsy explained the proper Drupal approaches to mitigate these risks, such as using strong passwords, keeping software updated, sanitizing user input, and leveraging Drupal's built-in security features like form tokens. He also covered the work of the Drupal security team to help ensure the core framework and contributed modules are secure.
At the moment MySQL 8 and MariaDB 10.4 are the latest versions of the corresponding database management systems. Each of these DBMSs has a unique set of features, unavailable in its analogue (MariaDB features might be unavailable in MySQL, and vice versa). In this presentation, we’ll cover these new features and provide recommendations re: which application will work best on which DBMS.
OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov
We will go over the layout of the MySQL code base, roughly following the query execution path. We will also cover how to extend MySQL with both built-in and pluggable add-ons.
The document discusses new features and enhancements in MySQL Connector/J including new connection properties, security improvements with SSL and pluggable authentication, and performance considerations when using prepared statements. It provides details on configuration options for SSL encryption and cipher suites as well as the pluggable authentication support in MySQL 5.5.
This document discusses various MySQL high availability solutions and best practices. It begins with an introduction to the presenter and their background and experience. Then it discusses the problems of redundancy, scaling, and high availability that these solutions aim to address. Several specific solutions are covered in detail, including Galera Cluster, master-slave replication, MySQL Cluster, Group Replication, MaxScale, MySQL Router, and MySQL InnoDB Cluster. Key features of each are summarized. The document concludes with an invitation for questions.
Firebird 3.x introduces several new features and changes from previous versions, including true SMP support, improved APIs, per-database configuration, increased limits, multiple security databases, and new SQL commands. The Firebird executable is now unified, and the cache, lock, and connection behaviors are determined by new configuration parameters. Additional changes include support for new data types, functions, triggers, international characters, and IPv6. The database engine and plug-in architecture were also updated.
Similar to MariaDB Server & MySQL Security Essentials 2016 (20)
MariaDB Server 10.3 is a culmination of features from MariaDB Server 10.2+10.1+10.0+5.5+5.3+5.2+5.1 as well as a base branch from MySQL 5.5 and backports from MySQL 5.6/5.7. It has many new features, like a GA-ready sharding engine (SPIDER), MyRocks, as well as some Oracle compatibility, system versioned tables and a whole lot more.
Presented at OSCON 2018. A review of what is available from MySQL, MariaDB Server, MongoDB, PostgreSQL, and more. Covering your choices, considerations, versions, access methods, cost, a deeper look at RDS and if you should run your own instances or not.
With a focus on Amazon AWS RDS MySQL and PostgreSQL, Rackspace cloud, Google Cloud SQL, Microsoft Azure for MySQL and PostgreSQL as well as a hint of the other clouds
Percona ServerをMySQL 5.6と5.7用に作るエンジニアリング(そしてMongoDBのヒント)Colin Charles
Engineering that goes into making Percona Server for MySQL 5.6 & 5.7 different (and a hint of MongoDB) for dbtechshowcase 2017 - the slides also have some Japanese in it. This should help a Japanese audience to read it. If there are questions due to poor translation, do not hesitate to drop me an email (byte@bytebot.net) or tweet: @bytebot
Databases require capacity planning (and to those coming from traditional RDBMS solutions, this can be thought of as a sizing guide). Capacity planning prevents resource exhaustion. Capacity planning can be hard. This talk has a heavier leaning on MySQL, but the concepts and addendum will help with any other data store.
Coordinate Systems in FME 101 - Webinar SlidesSafe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Blockchain technology is transforming industries and reshaping the way we conduct business, manage data, and secure transactions. Whether you're new to blockchain or looking to deepen your knowledge, our guidebook, "Blockchain for Dummies", is your ultimate resource.
How Social Media Hackers Help You to See Your Wife's Message.pdfHackersList
In the modern digital era, social media platforms have become integral to our daily lives. These platforms, including Facebook, Instagram, WhatsApp, and Snapchat, offer countless ways to connect, share, and communicate.
Details of description part II: Describing images in practice - Tech Forum 2024BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Choose our Linux Web Hosting for a seamless and successful online presencerajancomputerfbd
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxSynapseIndia
Your comprehensive guide to RPA in healthcare for 2024. Explore the benefits, use cases, and emerging trends of robotic process automation. Understand the challenges and prepare for the future of healthcare automation
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
1. MariaDB/MySQL
Security Essentials
Colin Charles, Team MariaDB, MariaDB Corporation
colin@mariadb.com / byte@bytebot.net
http://bytebot.net/blog/ | @bytebot on Twitter
FLOSSUK 2016, London
17 March 2016
2. whoami
• Work on MariaDB at MariaDB Corporation (SkySQL Ab)
• Merged with Monty Program Ab, makers of MariaDB
• Formerly MySQL AB (exit: Sun Microsystems)
• Past lives include Fedora Project (FESCO), OpenOffice.org
• MySQL Community Contributor of the Year Award winner 2014
3. Historically…
• No password for the ‘root’ user
• There is a default ‘test’ database (with grants that let any account use it)
• Find a password from application config files (wp-config.php, Drupal’s settings.php, etc.)
• Are your datadir permissions secure (/var/lib/mysql)?
• Can you run strings mysql/user.MYD? The grant tables are plain MyISAM files, so a readable datadir hands every password hash to any local user
4. Can you view privileges to find a user with more access?
MariaDB [(none)]> SELECT host,user,password from mysql.user;
+--------------+-------------------+----------+
| host | user | password |
+--------------+-------------------+----------+
| localhost | root | |
| sirius | root | |
| 127.0.0.1 | root | |
| ::1 | root | |
| localhost | | |
| sirius | | |
+--------------+-------------------+----------+
5. More things to think about
• Does the replication connection have global permissions? (it only needs REPLICATION SLAVE)
• If you can start/stop the mysqld process, you can reset passwords (restart with --skip-grant-tables, or see the next point)
• Can you edit my.cnf? You can run a SQL file when mysqld starts with init-file
6. sql_mode
• 5.6 default = NO_ENGINE_SUBSTITUTION
• Recommended: SQL_MODE = STRICT_ALL_TABLES, NO_ENGINE_SUBSTITUTION, so that over-long or invalid values are rejected instead of silently truncated or coerced
• Keeps on improving, like deprecating NO_ZERO_DATE, NO_ZERO_IN_DATE (5.6.17) and making them part of strict mode
7. mysql_secure_installation
• Pretty basic to run, but many don’t
• Remove anonymous users
• Remove the test database
• Remove root accounts reachable from hosts other than localhost
• Set a root password
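The checks behind slides 3 to 7, as an added SQL script that is not part of the deck: it audits an instance for the historical defaults and then removes them, which is what mysql_secure_installation does interactively. It assumes the pre-MySQL-5.7 grant-table layout (the hash lives in mysql.user.password; 5.7 renamed that column authentication_string) and reuses the host name sirius from the output on slide 4.

```sql
-- Added example, not from the deck: audit the historical defaults, then
-- clean them up. Assumes mysql.user.password (pre-5.7 layout); on MySQL 5.7
-- read authentication_string instead. Host 'sirius' is taken from slide 4.

-- 1. Accounts with no password at all (the historical 'root' default).
--    Plugin-authenticated accounts (unix_socket, pam) legitimately have an
--    empty hash, so only look at the password-based plugins.
SELECT user, host
FROM mysql.user
WHERE password = '' AND plugin IN ('', 'mysql_native_password', 'mysql_old_password');

-- 2. Anonymous accounts (empty user name): any user name matches them
SELECT user, host FROM mysql.user WHERE user = '';

-- 3. root reachable from anything other than the local machine
SELECT user, host
FROM mysql.user
WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 4. Hashes still in the 16-character pre-4.1 format (mysql_old_password)
SELECT user, host
FROM mysql.user
WHERE LENGTH(password) = 16 OR plugin = 'mysql_old_password';

-- 5. The default 'test' database and the wildcard grants in mysql.db that
--    make it (and any test_* database) usable by every account
SHOW DATABASES LIKE 'test%';
SELECT host, db, user FROM mysql.db WHERE db IN ('test', 'test\\_%');

-- Clean-up: the same statements mysql_secure_installation runs when you
-- answer "yes" to every prompt. The hosts come from the SELECTs above.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('use-a-long-random-secret');
DROP USER ''@'localhost';          -- anonymous user, localhost (slide 4)
DROP USER ''@'sirius';             -- anonymous user, host sirius (slide 4)
DROP USER 'root'@'sirius';         -- non-localhost root (slide 4)
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE db = 'test' OR db = 'test\\_%';
FLUSH PRIVILEGES;

-- Re-run checks 1 to 5: every one of them should now return an empty set.
```

The password-hash query in step 1 is the one to keep in a scheduled job; accounts with empty hashes reappear whenever someone runs `CREATE USER` without `IDENTIFIED BY`.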
8. Creating users
• The lazy way
• CREATE USER 'foo'@'%';
• GRANT ALL ON *.* TO 'foo'@'%';
• The above gives access to all tables in all databases, from any host, and (with no IDENTIFIED BY clause) with no password
• ALL gives you a lot of privileges, including SHUTDOWN, SUPER (which in turn allows CHANGE MASTER and KILL of other users’ connections), FILE (read and write files on the server), PROCESS, etc.
9. SUPER privileges
• Can bypass a read_only server
• Can bypass init_connect
• Can disable binary logging (SET sql_log_bin = 0)
• Can dynamically change configuration (SET GLOBAL)
• Reached max_connections? Can still make one connection
• https://dev.mysql.com/doc/refman/5.6/en/privileges-provided.html#priv_super
• super_read_only (MySQL 5.7.8+): prohibit client updates for everyone, SUPER users included
10. So… only give users what they need
• CREATE USER 'foo'@'localhost' IDENTIFIED BY 'password';
• GRANT CREATE, SELECT, INSERT, UPDATE, DELETE ON db.* TO 'foo'@'localhost';
11. And when it comes to applications…
• Viewer? (read-only access)
• SELECT
• User? (read/write access)
• SELECT, INSERT, UPDATE, DELETE
• DBA? (schema changes and provisioning access to the database)
• CREATE, DROP, ALTER, etc.
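Slides 8 to 11 as one complete provisioning script, added here and not taken from the deck. The database name appdb, the account names and the 10.0.0.0/255.0.0.0 application subnet are assumptions; the privilege sets are the viewer/user/DBA split from slide 11 plus the replication account from slide 5, and the last query finds whoever still holds the global privileges slides 8 and 9 warn about.

```sql
-- Added example, not from the deck. appdb, the account names and the
-- 10.0.0.0/255.0.0.0 netmask (MySQL/MariaDB host syntax for a subnet) are
-- assumptions for illustration.

-- Viewer: read only, from the application subnet only
CREATE USER 'app_viewer'@'10.0.0.0/255.0.0.0' IDENTIFIED BY 'viewer-secret';
GRANT SELECT ON appdb.* TO 'app_viewer'@'10.0.0.0/255.0.0.0';

-- User: read/write on data, no DDL
CREATE USER 'app_user'@'10.0.0.0/255.0.0.0' IDENTIFIED BY 'user-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_user'@'10.0.0.0/255.0.0.0';

-- Schema owner: may change structure inside appdb, but still no SUPER, FILE
-- or PROCESS, and nothing at all on *.*
CREATE USER 'app_dba'@'localhost' IDENTIFIED BY 'dba-secret';
GRANT CREATE, ALTER, DROP, INDEX, CREATE VIEW, CREATE ROUTINE, ALTER ROUTINE,
      SELECT, INSERT, UPDATE, DELETE
  ON appdb.* TO 'app_dba'@'localhost';

-- Replication account (slide 5): exactly one global privilege, not ALL
CREATE USER 'repl'@'10.0.0.0/255.0.0.0' IDENTIFIED BY 'repl-secret';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.0/255.0.0.0';

-- Verify what an account actually ended up with
SHOW GRANTS FOR 'app_user'@'10.0.0.0/255.0.0.0';

-- Find every account that still holds the dangerous global privileges from
-- slides 8 and 9. Each *_priv column in mysql.user is an ENUM('N','Y').
SELECT user, host, Super_priv, File_priv, Shutdown_priv, Process_priv
FROM mysql.user
WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Shutdown_priv = 'Y'
ORDER BY user, host;
-- Expected on a tidy server: root@localhost and nothing else.
```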
12. Installation
• Using your Linux distribution… mostly gets you MariaDB when you ask for mysql-server
• Except on Debian/Ubuntu
• However, when you get mariadb-server, you get an authentication plugin, unix_socket (library auth_socket.so), for “automatic logins” of the local root user
• You are asked by debconf to enter a password
• You can use the APT/YUM repositories from Oracle MySQL, Percona or MariaDB
• Don’t disable SELinux: system_u:system_r:mysqld_t:s0
13. Enable log-warnings
• Enable --log-warnings=2
• Can keep track of access denied messages (failed logins land in the error log)
• Worth noting there are differences here between MySQL and MariaDB: MySQL 5.7.2+ replaces log_warnings with log_error_verbosity, while MariaDB keeps log_warnings with additional levels
• https://dev.mysql.com/doc/refman/5.6/en/server-options.html#option_mysqld_log-warnings
• https://mariadb.com/kb/en/mariadb/server-system-variables/#log_warnings
14. MySQL 5.6 improvements
• Password expiry
• ALTER USER 'foo'@'localhost' PASSWORD EXPIRE;
• https://dev.mysql.com/doc/refman/5.6/en/password-expiration-sandbox-mode.html
• Password validation plugin (validate_password)
• VALIDATE_PASSWORD_STRENGTH()
15. MySQL 5.6 II
• mysql_config_editor: store authentication credentials in an obfuscated login path file named .mylogin.cnf (the key is stored in the file itself and my_print_defaults -s prints the plaintext, so it protects against shell history and shoulder-surfing, not against a reader of the file)
• http://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html
• Random ‘root’ password on install
• mysql_install_db --random-passwords, stored in $HOME/.mysql_secret and marked expired, so it must be changed at first login
16. MySQL 5.7
• Improved password expiry: automatic expiration is available, so set default_password_lifetime in my.cnf (the 5.7.4 to 5.7.10 default of 360 days caught people by surprise; from 5.7.11 the default is 0, i.e. off)
• You can also require the password to be changed every n days
• ALTER USER 'foo'@'localhost' PASSWORD EXPIRE INTERVAL n DAY;
• There is also account locking/unlocking now (5.7.6+)
• ALTER USER … ACCOUNT LOCK / ACCOUNT UNLOCK
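Slides 14 and 16 worked through on MySQL 5.7 (5.6 where noted), as an added example rather than code from the deck. 'foo'@'localhost' is the deck's account; 'svc'@'localhost' and the 90- and 30-day lifetimes are assumed policy values.

```sql
-- Added example (MySQL 5.7 syntax unless noted); not from the deck.
-- 'foo'@'localhost' is the deck's account; 'svc'@'localhost' and the
-- 90/30-day lifetimes are assumed policy values.

-- Global default: a password expires this many days after it was last set.
-- 0 switches ageing off. The 5.7.4 to 5.7.10 default was 360 days, which
-- silently locked service accounts out; 5.7.11 changed it back to 0.
SET GLOBAL default_password_lifetime = 90;

-- Per-account overrides
ALTER USER 'foo'@'localhost' PASSWORD EXPIRE INTERVAL 30 DAY;  -- stricter than the global
ALTER USER 'svc'@'localhost' PASSWORD EXPIRE NEVER;            -- rotated by a secrets tool instead
ALTER USER 'foo'@'localhost' PASSWORD EXPIRE;                  -- 5.6.6+: force a change at next login

-- While expired, foo is in "sandbox mode": every statement except setting a
-- new password fails with ERROR 1820. Clients too old to understand that are
-- rejected outright unless disconnect_on_expired_password is OFF.
-- (run as foo)  ALTER USER USER() IDENTIFIED BY 'new-long-secret';

-- Locking (5.7.6+) keeps the grants but refuses logins: a leaver, or a
-- credential you suspect has leaked, while you investigate.
ALTER USER 'foo'@'localhost' ACCOUNT LOCK;
ALTER USER 'foo'@'localhost' ACCOUNT UNLOCK;

-- Strength scoring from the validate_password plugin (5.6.6+), 0..100
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
SET GLOBAL validate_password_policy = 'MEDIUM';   -- length + upper/lower + digit + special
SET GLOBAL validate_password_length = 12;
SELECT VALIDATE_PASSWORD_STRENGTH('password')        AS too_short_for_policy,
       VALIDATE_PASSWORD_STRENGTH('Tr0ub4dor&3 x!')  AS meets_policy;

-- Review the whole state in one query (account_locked and
-- password_last_changed exist from 5.7.6)
SELECT user, host, password_expired, password_last_changed,
       password_lifetime, account_locked
FROM mysql.user
ORDER BY password_last_changed;
```

The last query is the one to run after any upgrade to 5.7: a non-zero default_password_lifetime applies to every account whose password_lifetime is NULL, service accounts included.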
17. SSL
• You’re using the cloud and you’re using replication… you don’t want this in cleartext
• Set up SSL (note: yaSSL and OpenSSL builds differ in supported TLS versions and cipher suites, which can cause issues)
• Then require it: per account (GRANT … REQUIRE SSL, or REQUIRE X509 for client certificates) and for replication (CHANGE MASTER TO … MASTER_SSL=1); otherwise a misconfigured client silently falls back to cleartext
• https://dev.mysql.com/doc/refman/5.6/en/ssl-connections.html
• Worth noting 5.7 has a new tool, mysql_ssl_rsa_setup, that generates self-signed certificates and RSA key pairs
18. Initialise the data directory using mysqld now
• mysql_install_db is deprecated in 5.7
• mysqld itself handles instance initialisation
• mysqld --initialize (creates root@localhost with a random, expired password that is written to the error log)
• mysqld --initialize-insecure (root@localhost with no password; set one before anything else connects)
19. MariaDB passwords
• A password validation plugin API (finally) exists now, in MariaDB Server 10.1
• https://mariadb.com/kb/en/mariadb/development/mariadb-internals-documentation/password-validation/
• simple_password_check password validation plugin
• can enforce a minimum password length and guarantee that a password contains at least a specified number of uppercase and lowercase letters, digits, and punctuation characters
• cracklib_password_check password validation plugin
• Allows only passwords that are strong enough to pass the CrackLib test. This is the same test that pam_cracklib.so does
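Slide 19 in practice on MariaDB Server 10.1, as an added example that is not from the deck: install simple_password_check, set a policy, watch it reject a weak password, and close the pre-hashed-password loophole. The policy values and user names are assumptions.

```sql
-- Added example, not from the deck: MariaDB 10.1 password policy.
-- The 12-character minimum and the user names are assumptions.

INSTALL SONAME 'simple_password_check';

-- Policy: at least 12 characters, 2 digits, 1 upper + 1 lower case letter,
-- 1 punctuation character
SET GLOBAL simple_password_check_minimal_length = 12;
SET GLOBAL simple_password_check_digits = 2;
SET GLOBAL simple_password_check_letters_same_case = 1;
SET GLOBAL simple_password_check_other_characters = 1;

-- Validation runs on CREATE USER, ALTER USER, SET PASSWORD and
-- GRANT ... IDENTIFIED BY. A weak password is rejected:
CREATE USER 'weak'@'localhost' IDENTIFIED BY 'abc123';
--   ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
CREATE USER 'ok'@'localhost' IDENTIFIED BY 'Correct-Horse-42!';   -- accepted

-- Loophole to keep closed: a pre-hashed password never shows the plugins
-- the plaintext. strict_password_validation (ON by default) makes the server
-- refuse such statements while any validation plugin is loaded.
SHOW VARIABLES LIKE 'strict_password_validation';
CREATE USER 'hashed'@'localhost'
  IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257';
--   rejected while strict_password_validation = ON

-- cracklib_password_check (dictionary test, the same as pam_cracklib.so)
-- can be loaded alongside; a password must pass every loaded plugin.
INSTALL SONAME 'cracklib_password_check';

-- Which validators are active right now?
SELECT plugin_name, plugin_status
FROM information_schema.plugins
WHERE plugin_type = 'PASSWORD VALIDATION';
```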
21. What you do today
• MySQL stores accounts in the user table of the mysql database
• CREATE USER 'foo'@'localhost' IDENTIFIED BY 'password';
22. SELECT plugin_name, plugin_status FROM information_schema.plugins WHERE plugin_type = 'authentication';
+-----------------------+---------------+
| plugin_name | plugin_status |
+-----------------------+---------------+
| mysql_native_password | ACTIVE |
| mysql_old_password | ACTIVE |
+-----------------------+---------------+
2 rows in set (0.00 sec)
(mysql_old_password is the pre-4.1 16-byte hash format; keep it only while legacy clients still need it)
23. Subtle difference with MariaDB & MySQL usernames
• Usernames in MariaDB > 5.5.31? 80 character limit (after an upgrade the mysql.user columns have to be widened by running mysql_upgrade; MySQL raised its limit from 16 to 32 only in 5.7.8)
create user 'long12345678901234567890'@'localhost' identified by 'pass';
Query OK, 0 rows affected (0.01 sec)
vs
ERROR 1470 (HY000): String 'long12345678901234567890' is too long for user name (should be no longer than 16)
25. auth_socket
• Authenticates against the Unix socket file
• Uses the SO_PEERCRED socket option to obtain the OS user running the client
• CREATE USER 'foo'@'localhost' IDENTIFIED WITH auth_socket; (MySQL syntax; in MariaDB the plugin loaded from auth_socket.so is called unix_socket and the clause is IDENTIFIED VIA unix_socket)
• Refuses the connection unless the OS user on the other end of the socket is foo, so the account can never be used over TCP and no password is involved
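Socket authentication on MariaDB as an added example (not the deck's code), because the naming trips people up: the library is auth_socket.so but the plugin it registers is unix_socket, and the MySQL clause on slide 25 does not work there. The OS account deploy and the database appdb are assumptions.

```sql
-- Added example, not from the deck: peer-credential authentication on
-- MariaDB. OS user 'deploy' and database 'appdb' are assumptions.

INSTALL SONAME 'auth_socket';          -- registers the plugin named 'unix_socket'

-- No password at all: the server asks the kernel (SO_PEERCRED) which OS user
-- sits on the other end of the socket and compares that name with the
-- MySQL user name.
CREATE USER 'deploy'@'localhost' IDENTIFIED VIA unix_socket;
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'deploy'@'localhost';

-- Consequences worth checking:
--  * only a local socket connection can use this account; a TCP login fails
--    because there is no peer credential to read;
--  * `sudo -u deploy mysql` works without a password, so anyone who can
--    become OS user deploy (sudoers, a compromised cron job) owns the
--    database account; guard the OS account accordingly;
--  * Debian/Ubuntu mariadb-server packages set root@localhost up this way,
--    which is why "root has an empty password" is not a finding there.

-- Audit: which accounts rely on the OS identity?
SELECT user, host, plugin, authentication_string
FROM mysql.user
WHERE plugin = 'unix_socket';

-- MySQL equivalent (plugin and clause are both called auth_socket):
--   INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
--   CREATE USER 'deploy'@'localhost' IDENTIFIED WITH auth_socket;
```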
26. sha256_password
• Available since MySQL 5.6.6 but not the default (mysql_native_password still is); to make it the default, set it in my.cnf. It needs an SSL-enabled MySQL build
• default-authentication-plugin=sha256_password
• The default SSL library is yaSSL, with which sha256_password accounts must connect over SSL; with an OpenSSL build you also get RSA encryption
• the client encrypts the password with the server’s RSA public key during connection (key locations: sha256_password_private_key_path / sha256_password_public_key_path)
• Passwords are never exposed as cleartext when connecting
28. Let’s get some things out of the way
• PAM = Pluggable Authentication Module
• Use pam_ldap to authenticate credentials against an LDAP server: configure /etc/pam_ldap.conf (you obviously also need /etc/ldap.conf)
• Simplest way is of course /etc/shadow auth via pam_unix (which means the server process needs to be able to read /etc/shadow, e.g. by adding the mysql user to the shadow group)
29. Percona Server
INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';
CREATE USER byte IDENTIFIED WITH auth_pam;
In /etc/pam.d/mysqld:
auth required pam_warn.so
auth required pam_unix.so audit
account required pam_unix.so audit
30. MariaDB
INSTALL SONAME 'auth_pam';
CREATE USER byte IDENTIFIED VIA pam USING 'mariadb';
Edit /etc/pam.d/mariadb:
auth required pam_unix.so
account required pam_unix.so
31. For MySQL compatibility
• PAM in MariaDB uses the client-side dialog plugin; set --pam-use-cleartext-plugin so the server asks for mysql_clear_password instead, which stock MySQL clients ship with (the password then travels in the clear unless the connection uses SSL)
32. Possible errors
• Connectors don’t support it (PAM needs the client-side dialog plugin):
• Client does not support authentication protocol requested by server; consider upgrading MySQL client.
• You may have to re-compile the connector against libmysqlclient to have said support
33. Kerberos
• Every participant in authenticated communication is known as a ‘principal’ (with a unique name)
• Principals belong to administrative groups called realms. The Key Distribution Center (KDC) maintains a database of the principals in a realm and their associated secret keys
• A client requests a ticket from the KDC for access to a specific service. The KDC uses the client’s secret and the server’s secret to construct the ticket, which allows client and server to mutually authenticate while keeping the secrets hidden
34. MariaDB Kerberos plugin
• User principals: <username>@<KERBEROS REALM>
• CREATE USER 'byte' IDENTIFIED VIA kerberos AS 'byte/mariadb@lp';
• so that is <username>/<instance>@<KERBEROS REALM>
• Storing the Service Principal Name (SPN) is an option in the config file
• As released in MariaDB Server 10.1 the plugin is auth_gssapi: INSTALL SONAME 'auth_gssapi'; and the clause is IDENTIFIED VIA gssapi AS 'byte@REALM'; the server’s own principal and keytab are set with gssapi_principal_name and gssapi_keytab_path
35. Works where?
• GSSAPI-based Kerberos is widely used and supported on Linux
• Windows supports SSPI authentication and the plugin supports it
• Comes with MariaDB Server 10.1
36. 5.7 mysql_no_login
• mysql_no_login prevents all client connections to an account that uses it; use it for accounts that exist only as the DEFINER of views and stored programs, or that are only ever reached through a PROXY user
• https://dev.mysql.com/doc/refman/5.7/en/mysql-no-login-plugin.html
38. SQL Error Logging Plugin
• Logs errors sent to clients in a log file that can be analysed later. The log file can be rotated (recommended)
• a MYSQL_AUDIT_PLUGIN
INSTALL PLUGIN SQL_ERROR_LOG SONAME 'sql_errlog.so';
39. Audit Plugin
• Logs server activity (who connects to the server, what queries run, what tables are touched) to a rotating log file or syslogd
• MariaDB has extended the audit API, so user filtering is possible
• a MYSQL_AUDIT_PLUGIN
INSTALL PLUGIN server_audit SONAME 'server_audit.so';
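Slides 38 and 39 together, as an added example that is not from the deck: load both plugins on MariaDB 10.1, point them at rotating files, and provoke one event of each kind to confirm they record it. The file path and the monitor user are assumptions.

```sql
-- Added example, not from the deck: MariaDB 10.1 audit and error logging.
-- /var/log/mysql/server_audit.log and the 'monitor' user are assumptions.

-- Server audit plugin: connections plus DDL and DCL, to a rotating file.
INSTALL SONAME 'server_audit';
SET GLOBAL server_audit_logging = ON;
-- QUERY_DDL/QUERY_DML/QUERY_DCL avoid logging every SELECT (QUERY_DCL needs
-- a newer plugin version than QUERY_DDL; use QUERY if yours lacks it).
SET GLOBAL server_audit_events = 'CONNECT,QUERY_DDL,QUERY_DCL';
SET GLOBAL server_audit_excl_users = 'monitor';      -- noisy health checks
SET GLOBAL server_audit_output_type = 'file';        -- or 'syslog'
SET GLOBAL server_audit_file_path = '/var/log/mysql/server_audit.log';
SET GLOBAL server_audit_file_rotate_size = 100000000; -- bytes per file
SET GLOBAL server_audit_file_rotations = 9;

-- SQL error log plugin: every error returned to a client, which is where the
-- syntax errors and "access denied" messages of an injection probe show up.
INSTALL SONAME 'sql_errlog';
SHOW VARIABLES LIKE 'sql_error_log%';
-- sql_error_log_filename defaults to sql_errors.log in the datadir;
-- sql_error_log_size_limit and sql_error_log_rotations are startup options;
-- SET GLOBAL sql_error_log_rotate = 1 forces a rotation right now.

-- Provoke one event of each kind...
CREATE USER 'tmp'@'localhost' IDENTIFIED BY 'x';   -- DCL: server_audit entry
SELECT * FROM no_such_db.no_such_table;            -- ERROR 1146: sql_error_log entry
DROP USER 'tmp'@'localhost';

-- ...then confirm the audit plugin is alive and where it is writing.
SHOW STATUS LIKE 'Server_audit%';   -- Server_audit_active, Server_audit_current_log, Server_audit_writes_failed
```

Watch Server_audit_writes_failed in monitoring: a full disk or wrong file permissions turn the audit trail off silently otherwise.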
40. Roles
• Bundles privileges together so they can be granted to (and revoked from) users as a unit; follows the SQL standard (MariaDB 10.0+)
CREATE ROLE audit_bean_counters;
GRANT SELECT ON accounts.* TO audit_bean_counters;
GRANT audit_bean_counters TO ceo;
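The rest of the role workflow that the three lines on slide 40 imply, added here and not from the deck: activating a role, making it the default, nesting roles and listing who can assume what. 'ceo'@'localhost', the table accounts.ledger and the role finance_admin are assumptions.

```sql
-- Added example, not from the deck: MariaDB 10.0/10.1 roles beyond CREATE
-- and GRANT. ceo@localhost, accounts.ledger and finance_admin are assumptions.

CREATE ROLE audit_bean_counters;
GRANT SELECT ON accounts.* TO audit_bean_counters;

CREATE USER 'ceo'@'localhost' IDENTIFIED BY 'ceo-secret';
GRANT audit_bean_counters TO 'ceo'@'localhost';

-- Caveat 1: a granted role is NOT active at login. Until the session
-- enables it, ceo has only the direct grants (here: USAGE).
-- Run as ceo:
SELECT CURRENT_ROLE();                 -- NULL
SELECT COUNT(*) FROM accounts.ledger;  -- ERROR 1142: SELECT command denied
SET ROLE audit_bean_counters;
SELECT CURRENT_ROLE();                 -- audit_bean_counters
SELECT COUNT(*) FROM accounts.ledger;  -- works
SET ROLE NONE;                         -- drop the privileges again

-- MariaDB 10.1.1+: activate it automatically for every new session of ceo
SET DEFAULT ROLE audit_bean_counters FOR 'ceo'@'localhost';

-- Caveat 2: roles nest. finance_admin inherits audit_bean_counters, so
-- revoking or changing the inner role changes every outer role at once.
CREATE ROLE finance_admin;
GRANT audit_bean_counters TO finance_admin;
GRANT INSERT, UPDATE ON accounts.* TO finance_admin;

-- Review (as a DBA): roles are rows in mysql.user with is_role = 'Y';
-- applicable_roles lists what the current session could SET ROLE to.
SELECT user, host, is_role FROM mysql.user WHERE is_role = 'Y';
SELECT grantee, role_name, is_default FROM information_schema.applicable_roles;
SHOW GRANTS FOR audit_bean_counters;
SHOW GRANTS FOR 'ceo'@'localhost';
```

Caveat 1 is the one that bites in practice: an application that connects as ceo and never issues SET ROLE (or has no default role) gets "command denied" and people respond by granting the privilege directly, which defeats the point of the role.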
41. Encryption
• Encryption: tablespace and table level encryption with support for rolling keys, using the AES algorithm (MariaDB Server 10.1)
• table encryption: PAGE_ENCRYPTION=1 (pre-GA syntax; 10.1 GA uses the table option ENCRYPTED=YES)
• tablespace encryption: encrypts everything, including log files
• New variables: file_key_management_filename, file_key_management_filekey, file_key_management_encryption_algorithm
• Well documented: https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/
42. Encryption II
• The key file contains encryption key identifiers (32-bit numbers) and hex-encoded encryption keys (128, 192 or 256 bits), one key per line, identifier and key separated by a semicolon
• don’t forget to create keys!
• and protect the key file itself, e.g. openssl enc -aes-256-cbc -md sha1 -k secret -in keys.txt -out keys.enc, with the passphrase handed to the plugin via file_key_management_filekey (either the secret itself or FILE:/path/to/secret)
44. Encryption III
CREATE TABLE customer (
  customer_id bigint not null primary key,
  customer_name varchar(80),
  customer_creditcard varchar(20))
ENGINE=InnoDB
page_encryption=1
page_encryption_key=1;
(pre-GA 10.1 syntax; on MariaDB Server 10.1 GA write ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=1 instead)
45. Encryption IV
• Tablespace encryption (contributed by Google)
• again, you need to pick an encryption algorithm
• specify what to encrypt: innodb-encrypt-tables, aria-encrypt-tables, encrypt-tmp-disk-tables, innodb-encrypt-log
• don’t forget key rotation (it needs a key management plugin that versions keys; the file_key_management plugin does not):
• innodb-encryption-threads=4
• innodb-encryption-rotate-key-age=1800
46. Encryption V
• we also have tablespace scrubbing
• a background process that regularly scans tablespaces and overwrites deleted rows and freed pages, so old data cannot be recovered from disk (re-encrypting pages with newer key versions is key rotation, the separate background job from the previous slide)
• scrubbing works for tablespaces and logs
• --encrypt-tmp-files
• --encrypt-binlog
47. Encryption VI
• /etc/my.cnf.d/enable_encryption.preset
• Consider using Eperi Gateway for Databases
• MariaDB Enterprise will have a plugin for Amazon Key Management Service (KMS)
• mysqlbinlog has no way to read (i.e. decrypt) an encrypted binlog
• This does not work with MariaDB Galera Cluster yet (gcache is not encrypted yet), and xtrabackup also needs additional work (i.e. if you encrypt the redo log)
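Slides 41 to 47 as one worked setup on MariaDB Server 10.1 GA with the file_key_management plugin, added here and not the deck's code; it uses the GA table options ENCRYPTED and ENCRYPTION_KEY_ID in place of the pre-GA PAGE_ENCRYPTION on slide 44. The customer table is from slide 44; the schema name shop, the file paths, the key ids and the sample keys are assumptions (the keys are made-up hex, never reuse them).

```sql
-- Added example, not from the deck: data-at-rest encryption on MariaDB
-- Server 10.1 GA. shop, the paths, key ids and sample keys are assumptions.
--
-- The plugin is configured in my.cnf, not at runtime:
--   plugin_load_add = file_key_management
--   file_key_management_filename = /etc/mysql/keys.enc
--   file_key_management_filekey = FILE:/etc/mysql/keys.secret
--   file_key_management_encryption_algorithm = AES_CTR
--   innodb_encrypt_tables = ON        -- every InnoDB table unless ENCRYPTED=NO
--   innodb_encrypt_log = ON
--   innodb_encryption_threads = 4
--   innodb_encryption_rotate_key_age = 1800
-- and keys.txt (before `openssl enc -aes-256-cbc -md sha1 -k secret -in keys.txt -out keys.enc`)
-- holds one "id;hex-key" line per key, 128, 192 or 256 bits each (constructed):
--   1;770A8A65DA156D24EE2A093277530142
--   2;18420AE3B1E6C6D8B6D3DB5A7D64E01A3C3D49F2E0B70CC7B7A7E6A5B6FDD1E2

-- Is the plugin loaded, and what is the server set to encrypt?
SHOW PLUGINS;                                   -- file_key_management: ACTIVE
SHOW VARIABLES LIKE 'innodb_encrypt%';

CREATE DATABASE shop;
USE shop;

-- Per-table: a dedicated key id for the most sensitive data, so key 2 can be
-- replaced without touching the rest of the schema
CREATE TABLE customer (
  customer_id         BIGINT NOT NULL PRIMARY KEY,
  customer_name       VARCHAR(80),
  customer_creditcard VARCHAR(20)
) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2;

-- With innodb_encrypt_tables=ON every other InnoDB table gets key 1; a
-- table may opt out unless the setting is FORCE
CREATE TABLE public_catalog (sku INT PRIMARY KEY, title VARCHAR(200))
  ENGINE=InnoDB ENCRYPTED=NO;

-- Verify the on-disk state instead of trusting the DDL: encryption_scheme 1
-- means encrypted, and min_key_version 0 means some pages are still in the
-- clear because the background threads have not reached them yet
SELECT space, name, encryption_scheme, min_key_version, current_key_version
FROM information_schema.INNODB_TABLESPACES_ENCRYPTION
WHERE name LIKE 'shop/%';

-- "Rotation" with file_key_management means a new key id, because this
-- plugin has no key versions (innodb_encryption_rotate_key_age only helps
-- with a versioning key server). Add "3;<hex>" to the key file, then:
ALTER TABLE customer ENCRYPTION_KEY_ID=3;   -- re-encrypts the table with key 3

SHOW STATUS LIKE 'Innodb_encryption%';      -- rotation progress counters
```

Two things the check query will not tell you and slide 47 does: the binary log and the Galera gcache are separate decisions (encrypt_binlog, and no gcache encryption in 10.1), and a backup taken with xtrabackup needs the same key file to be restorable.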
48. Preventing SQL Injections
• MySQL Enterprise Firewall ($$$)
• http://mysqlserverteam.com/new-mysql-enterprise-firewall-prevent-sql-injection-attacks/
• MaxScale Database Firewall filter (write your own regex)
• https://mariadb.com/kb/en/mariadb-enterprise/maxscale/maxscale-database-firewall-filter/
• https://mariadb.com/blog/maxscale-firewall-filter
• Both sit in front of the application as a compensating control; parameterised queries in the application are the actual fix
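Both firewalls above sit in front of the application; the real fix is that user input never becomes part of the SQL text. This added example (not from the deck) shows the difference inside the server itself with two stored procedures over a constructed table; the table, its rows and the procedure names are made up.

```sql
-- Added example, not from the deck. Constructed table and data.
CREATE TABLE customer (
  customer_id   BIGINT NOT NULL PRIMARY KEY,
  customer_name VARCHAR(80)
);
INSERT INTO customer VALUES (1, 'alice'), (2, 'bob'), (3, 'carol');

DELIMITER //

-- Vulnerable: the caller's string is pasted into the SQL text and parsed
CREATE PROCEDURE find_customer_unsafe(IN p_name VARCHAR(80))
BEGIN
  SET @q = CONCAT('SELECT customer_id, customer_name FROM customer ',
                  'WHERE customer_name = ''', p_name, '''');
  PREPARE stmt FROM @q;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END //

-- Hardened: the SQL text is fixed; the value travels as a bound parameter
-- and can never change the statement's structure
CREATE PROCEDURE find_customer_safe(IN p_name VARCHAR(80))
BEGIN
  PREPARE stmt FROM 'SELECT customer_id, customer_name FROM customer WHERE customer_name = ?';
  SET @name = p_name;
  EXECUTE stmt USING @name;
  DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- Classic tautology payload  x' OR '1'='1  (quotes doubled because it is
-- written here as a SQL string literal)
CALL find_customer_unsafe('x'' OR ''1''=''1');
--   returns all three rows: the WHERE became  customer_name = 'x' OR '1'='1'
CALL find_customer_safe('x'' OR ''1''=''1');
--   returns no rows: it looked for a customer literally named  x' OR '1'='1
```

Driver-level prepared statements (PreparedStatement, PDO::prepare, MySQLdb parameter binding) do what find_customer_safe does; a regex firewall can block this particular payload's shape but not every shape, so treat it as the second line, not the first.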