We have introduced a new policy for you to enforce on your non-privileged users. It requires their current password at the time they set a new password. It is optional and off by default. You can control it globally (for all non-privileged users) or on a per-user basis.…
Category Archives: Security
Data Masking in MySQL
If you’re here, that probably means you’re about to acquire some sensitive data to take care of. Or that you’ve already acquired it and are protecting it, and you want to see how MySQL Enterprise Data Masking and De-Identification features can help you do it in an easier, better and more efficient manner.…
The connection_control plugin : Keeping brute force attack in check
To quote book of all knowledge:
…
Password reuse policy in MySQL 8.0
MySQL has various kinds of password policy enforcement tools: a password can expire (even automatically), can be forced to be of a certain length, contain amounts of various types of characters and be checked against a dictionary of common passwords or the user account name itself.…
MySQL 8.0.4 : New Default Authentication Plugin : caching_sha2_password
Starting with MySQL 8.0.4, we are changing the default authentication plugin for MySQL server from mysql_native_password to caching_sha2_password. Correspondingly, libmysqlclient will now use caching_sha2_password as the default authentication mechanism, too.
Why did we do it?
The advantage of mysql_native_password is that it support challenge-response mechanism which is very quick and does not require encrypted connection.…
MySQL 8.0.4, OpenSSL, and MySQL Community Edition
Starting with the MySQL Community 8.0.4-RC we are unifying on OpenSSL as the default TLS/SSL library for both MySQL Enterprise Edition and MySQL Community Edition. Previously, MySQL Community Edition used YaSSL.
Why make this change?
- Community Requests – Supporting OpenSSL in the MySQL Community Edition has been one of the most frequently requested features.
Protecting Data with Digital Signatures by Example using MySQL Enterprise Edition
Often databases contain data that needs to be proven as valid and authentic. We want to ensure that a known person or other sender (e.g. a trusted app) of the information can’t deny content, nor that the content can change without that person (senders) consent.…
Hybrid Data Encryption by Example using MySQL Enterprise Edition
Sharing keys, passphrases with applications is problematic, especially with regard to encrypting data. Too often applications are developed where “the keys are left in the door” or at best “under the mat” – hard coded, in a clear text property file… exposed and vulnerable. …
MySQL 8.0: Making User Management DDLs Atomic
With MySQL 8.0, we are bringing in an important change in the way user management DDLs are executed.
Background
User management DDLs cover following user management actions:
- Creating user/role (CREATE USER [IF NOT EXISTS] / CREATE ROLE [IF NOT EXISTS])
- Altering user account properties (ALTER USER [IF EXISTS])
- Dropping user/role from database (DROP USER [IF EXISTS] / DROP ROLE [IF EXISTS])
- Granting/Revoking privileges to/from a user/role (GRANT/REVOKE)
Each of these administrative action can handle multiple entities as a part of single command.…
MySQL 5.7: New Audit Log Filtering Feature – Part 1
Security auditing plays important role in the process of securing a database system. Thanks to the MySQL Enterprise Audit extension, we can record all activities, such as client connections and execution of queries into a single log file, for later inspection.…