As an intro to his performance act, an “old school” entertainer Victor Borge once famously asked the audience: “Do you care for piano music?“, which was greeted by a crowd, only to be immediately followed by a self-ironic punch line – “Too bad.”…
Category Archives: Security
MySQL is OpenSSL-only now !
MySQL needs an SSL/TLS library. It uses it primarily to encrypt network connections, but also uses its various algorithms and random number generators.
OpenSSL is the golden standard when it comes to cross-platform open source SSL/TLS library that you use from C/C++.…
Partial Revokes from Database Objects
This is a 3 part blog series:
- Part 1: The SYSTEM_USER Dynamic Privilege
- Part 2 : Partial Revokes from Database Objects
- Part 3 : How to create multiple accounts for an app?
Have you ever encountered situations where you want to grant a user access to all databases except a few databases ? …
The SYSTEM_USER Dynamic Privilege
This is a 3 part blog series:
- Part 1: The SYSTEM_USER Dynamic Privilege
- Part 2 : Partial Revokes from Database Objects
- Part 3 : How to create multiple accounts for an app?
To modify users, you must have the CREATE USER privilege or the UPDATE privilege on the mysql schema.…
How to create multiple accounts for an app?
This is a 3 part blog series:
- Part 1: The SYSTEM_USER Dynamic Privilege
- Part 2 : Partial Revokes from Database Objects
- Part 3 : How to create multiple accounts for an app?
You can now grant CREATE USER so that your web apps would be able to use multiple accounts without you risking the end user hijacking the database by changing your root credentials for example. …
MySQL 8.0.13: Change Current Password Policy
We have introduced a new policy for you to enforce on your non-privileged users. It requires their current password at the time they set a new password. It is optional and off by default. You can control it globally (for all non-privileged users) or on a per-user basis.…
Data Masking in MySQL
If you’re here, that probably means you’re about to acquire some sensitive data to take care of. Or that you’ve already acquired it and are protecting it, and you want to see how MySQL Enterprise Data Masking and De-Identification features can help you do it in an easier, better and more efficient manner.…
The connection_control plugin : Keeping brute force attack in check
To quote book of all knowledge:
Password reuse policy in MySQL 8.0
MySQL has various kinds of password policy enforcement tools: a password can expire (even automatically), can be forced to be of a certain length, contain amounts of various types of characters and be checked against a dictionary of common passwords or the user account name itself.…
MySQL 8.0.4 : New Default Authentication Plugin : caching_sha2_password
Starting with MySQL 8.0.4, we are changing the default authentication plugin for MySQL server from mysql_native_password to caching_sha2_password. Correspondingly, libmysqlclient will now use caching_sha2_password as the default authentication mechanism, too.
Why did we do it?
The advantage of mysql_native_password is that it support challenge-response mechanism which is very quick and does not require encrypted connection.…