Category Archives: Security

MySQL 8.0.4 : New Default Authentication Plugin : caching_sha2_password

January 25, 2018Authentication, MySQL, Plugins, Security, User managementHarin Vadodaria

Starting with MySQL 8.0.4, we are changing the default authentication plugin for MySQL server from mysql_native_password to caching_sha2_password. Correspondingly, libmysqlclient will now use caching_sha2_password as the default authentication mechanism, too.

Why did we do it?

The advantage of mysql_native_password is that it support challenge-response mechanism which is very quick and does not require encrypted connection.…

MySQL 8.0.4, OpenSSL, and MySQL Community Edition

January 24, 2018Community, MySQL, Security, SSLFrédéric Descamps

Starting with the MySQL Community 8.0.4-RC we are unifying on OpenSSL as the default TLS/SSL library for both MySQL Enterprise Edition and MySQL Community Edition. Previously, MySQL Community Edition used YaSSL.

Why make this change?

Community Requests – Supporting OpenSSL in the MySQL Community Edition has been one of the most frequently requested features.

…

Protecting Data with Digital Signatures by Example using MySQL Enterprise Edition

June 21, 2017MySQL, Security, SSLMike Frank

Often databases contain data that needs to be proven as valid and authentic. We want to ensure that a known person or other sender (e.g. a trusted app) of the information can’t deny content, nor that the content can change without that person (senders) consent.…

Hybrid Data Encryption by Example using MySQL Enterprise Edition

June 1, 2017MySQL, SecurityMike Frank

Sharing keys, passphrases with applications is problematic, especially with regard to encrypting data. Too often applications are developed where “the keys are left in the door” or at best “under the mat” – hard coded, in a clear text property file… exposed and vulnerable. …

MySQL 8.0: Making User Management DDLs Atomic

September 26, 2016MySQL, User managementHarin Vadodaria

With MySQL 8.0, we are bringing in an important change in the way user management DDLs are executed.

Background

User management DDLs cover following user management actions:

Creating user/role (CREATE USER [IF NOT EXISTS] / CREATE ROLE [IF NOT EXISTS])
Altering user account properties (ALTER USER [IF EXISTS])
Dropping user/role from database (DROP USER [IF EXISTS] / DROP ROLE [IF EXISTS])
Granting/Revoking privileges to/from a user/role (GRANT/REVOKE)

Each of these administrative action can handle multiple entities as a part of single command.…

MySQL 5.7: New Audit Log Filtering Feature – Part 1

June 13, 2016Audit, Enterprise, MySQL, SecurityMarek Szymczak

Security auditing plays important role in the process of securing a database system. Thanks to the MySQL Enterprise Audit extension, we can record all activities, such as client connections and execution of queries into a single log file, for later inspection.…

Keyring framework

May 13, 2016Enterprise, MySQL, SecurityRobert Golebiowski

Security these days is bigger than ever. This statement needs no proof. It seems like it is getting easier and easier to get access to ‘secure data’. As system grows it becomes really hard to secure all endpoints. This is why encrypting data is now the hot topic in the database world.…

Restricting Connections to Secure Transport

January 28, 2016MySQL, Security, SSLencryption, MySQL 5.7, SSL, TLSMatt Lord

MySQL 5.7 makes secure connections easier with streamlined key generation for both MySQL Community and MySQL Enterprise, improves security by expanding support for TLSv1.1 and TLSv1.2, and helps administrators assess whether clients are connecting securely or not with new visibility into connection types. …

Simplified SSL/TLS Setup for MySQL Community

January 21, 2016Community, MySQL, Security, SSLencryption, MySQL 5.7, MySQL Community, Security, TLSMatt Lord

Transport Layer Security (TLS, also often referred to as SSL) is an important component of a secure MySQL deployment, but the complexities of properly generating the necessary key material and configuring the server dissuaded many users from completing this task. MySQL Server 5.7…

An update on default_password_lifetime

January 19, 2016Defaults, MySQL, SecurityMatt Lord

With MySQL 5.7, our goal is to be secure by default. This means that without having to change configuration settings or perform any additional steps, your fresh installation should be safe for production use.

As part of this security initiative, MySQL 5.7…

MySQL Server Blog

News from the MySQL Server Team