Category Archives: Security

An update on default_password_lifetime

January 19, 2016Defaults, MySQL, SecurityMike Zinner

With MySQL 5.7, our goal is to be secure by default. This means that without having to change configuration settings or perform any additional steps, your fresh installation should be safe for production use.

As part of this security initiative, MySQL 5.7 shipped with a new feature where user accounts will be disabled if the password has not been changed in a number of days.…

Protecting MySQL Passwords With the sha256_password Plugin

September 16, 2015MySQL, Plugins, Security, SSLmysql, plugins, SecurityMike Zinner

Over the years, MySQL has used three different mechanisms for securing passwords both for storage and for transmission across networks. This blog post aims to provide a brief history of the various mechanisms and highlight reasons to migrate accounts to use the sha256_password mechanism introduced in MySQL Server 5.6.…

Track and Optimize Server Connection Methods

September 9, 2015Audit, Enterprise, Logging, News, Performance Schema, Security, Windowsaudit, connections, general, log, monitoring, protocol, tcpGeorgi Kodinov

The MySQL server supports a variety of client connection methods. To summarize: you have TCP/IP (v4 and v6) on all OSes (with or without TLS/SSL encryption), Unix Domain Sockets on Unix/Linux, and Named Pipes and/or Shared Memory on Windows.

Each of these connection methods has its own set of pros and cons: speed, security, portability, and ease-of-use.…

Identifying Insecure Connections

August 27, 2015MySQL, Performance Schema, Security, SSL, Upgradesmysql, performance schema, SecurityMike Zinner

A key theme of the MySQL Server 5.7 release is much improved security. Earlier releases of MySQL 5.7 have introduced features supporting this initiative including automatic generation and detection of TLS key material and client-side preference for TLS connections. The recent MySQL 5.7.8 release builds upon this and provides additional monitoring and audit capabilities that make it easy to answer the question: “How secure are my client connections?”.…

SSL/TLS and RSA Improvements for OpenSSL Linked MySQL 5.7 Binaries

April 21, 2015MySQL, SecurityRSA, Security, sha256_password, SSLHarin Vadodaria

What?

MySQL 5.7 server binaries compiled with the OpenSSL library now make it easy to set up SSL/TLS and RSA artifacts, and to enable them within MySQL. Two new read-only global options have been introduced through this work:

--auto-generate-certs: Enables automatic generation and detection of SSL artifacts at server start-up.

…

Initialize Your MySQL 5.7 Instances with Ease

March 13, 2015Linux, MySQL, News, Security, WindowsGeorgi Kodinov

MySQL 5.7.6 brings in a simplification that solves the very first problem that I encountered back in the days when I first started using MySQL 5.0. Namely…

How do I create a new database instance?

I know it sounds like a very basic question.…

How to Use SSL and MySQL Client Library in the Same Binary!

January 21, 2015Compilation, MySQL, Security, SSLVenkata Sidagam

We plan to hide (not export) the symbols of the SSL library used by the MySQL client library. As step one in that effort, we plan to hide all of the non-documented symbols because we want to stop polluting the MySQL client program’s namespace.…

Understand and satisfy your AES encryption needs with 5.6.17

March 27, 2014SecurityGeorgi Kodinov

MySQL, starting from 4.0.2, had AES encryption and decryption functions. They are compiled with support for pure independent block by block encryption mode (ECB), using a 128 bit key.

128 bits is plenty enough! And sufficient for everybody! And who would even want to go to the trouble of dealing with initialization vectors?…

MySQL Server Blog

News from the MySQL Server Team