Category Archives: Security
A Tale of Two Password Authentication Plugins…
A long long time ago (in a galaxy far away… cue the music!) MySQL added support for an authentication plugin which is now known as mysql_native_password. The mysql_native_password plugin uses a SHA1 hash to:
- Store the password (SHA1(SHA1(password))) in the mysql.user table
- Authenticate the user
One of the good traits of this plugin is that it allows authentication using a challenge-response mechanism, which made it possible to verify the identity of the client on an unencrypted channel without needing to send the actual password.…
MySQL Keyring now speaks Hashicorp Vault
As an intro to his performance act, an “old school” entertainer Victor Borge once famously asked the audience: “Do you care for piano music?”, which was greeted by a crowd, only to be immediately followed by a self-ironic punch line – “Too bad.”…
MySQL is OpenSSL-only now !
MySQL needs an SSL/TLS library. It uses it primarily to encrypt network connections, but also uses its various algorithms and random number generators.
OpenSSL is the gold standard when it comes to cross-platform open source SSL/TLS libraries that you use from C/C++.…
Partial Revokes from Database Objects
This is a 3 part blog series:
- Part 1: The SYSTEM_USER Dynamic Privilege
- Part 2: Partial Revokes from Database Objects
- Part 3: How to create multiple accounts for an app?
Have you ever encountered situations where you want to grant a user access to all databases except a few databases? …
The SYSTEM_USER Dynamic Privilege
To modify users, you must have the CREATE USER privilege or the UPDATE privilege on the mysql schema.…
How to create multiple accounts for an app?
You can now grant CREATE USER so that your web apps can use multiple accounts without you risking the end user hijacking the database by, for example, changing your root credentials. …
MySQL 8.0.13: Change Current Password Policy
We have introduced a new policy for you to enforce on your non-privileged users. It requires their current password at the time they set a new password. It is optional and off by default. You can control it globally (for all non-privileged users) or on a per-user basis.…
Data Masking in MySQL
If you’re here, that probably means you’re about to acquire some sensitive data to take care of. Or that you’ve already acquired it and are protecting it, and you want to see how MySQL Enterprise Data Masking and De-Identification features can help you do it in an easier, better and more efficient manner.…
The connection_control plugin : Keeping brute force attack in check
To quote the book of all knowledge: