There has been a recent spate of blog posts and tweets regarding MaxScale binary downloads requiring acceptance of an Evaluation License that some in the community perceived to be onerous. MariaDB took quick action to make these binaries available without accepting the license, and were quickly – and rightly – praised for listening to the community. [UPDATE 2016-04-14: It turns out the measures MariaDB took were incomplete, and that accessing downloads of MaxScale still requires accepting the Evaluation License terms – see comments for details] The MaxScale binaries are part of a larger concern for me, and I commented as much on the blog highlighting MariaDB’s action. That comment hasn’t been approved by the author (though later comments have been), so I thought it might not be the right venue to raise such questions – hence this blog post. I hope MariaDB proves as responsive to these concerns/questions as they were to the MaxScale binary issues! Continue reading Requests for MariaDB
A while back, I wrote a blog post explaining how PERFORMANCE_SCHEMA improvements in MySQL Server 5.7 provide new visibility into the SSL/TLS status of each running client configuration. An excellent recent post from Frederic Descamps at Percona covers similar territory. Both of us use PERFORMANCE_SCHEMA tables directly – a powerful interface, but one that requires a query joining multiple tables. Thanks to the excellent work of Mark Leith, and a contribution from Daniël van Eeden, access to this same information is made far easier via the SYS schema. Continue reading SYS Schema: Simplified Access To SSL/TLS Details
MariaDB recently announced the migration of the JIRA bug tracking system from the current Atlassian-hosted instance to a self-hosted installation to be found at jira.mariadb.org. This likely isn’t a big deal to the community, and MariaDB is being very proactive in coordinating this change in the community – but it’s an opportunity for me to ask a few questions regarding MariaDB’s JIRA usage to which I can’t find answers. I certainly welcome answers, feedback or clarification from MariaDB staff.
Before getting started, I should say that I appreciate MariaDB – the product, the company, the staff and the foundation. MariaDB/SkySQL/Monty Programs serve a unique and useful purpose for community, users and staff who prefer not to deal with Oracle. I don’t view myself as a critic of MariaDB, and I consider a good number of MariaDB staff my friends. Getting a better understanding of how MariaDB operates the bug system is of interest to me, and perhaps the larger community as well. Continue reading Questions about MariaDB’s bug system
Transport Layer Security (TLS, also often referred to as SSL) is an important component of a secure MySQL deployment, but the complexities of properly generating the necessary key material and configuring the server dissuaded many users from completing this task. MySQL Server 5.7 simplifies this task for both Enterprise and Community users. Previous blog posts have detailed the changes supporting Enterprise builds; this blog post will focus on parallel improvements made to MySQL Community builds.
MySQL 5.7 aims to be the most secure MySQL Server release ever, and that means some significant changes in SSL/TLS. This post aims to tie together individual enhancements introduced over the span of several Development Milestone Releases (DMRs) into the larger initiative. In the simplest terms, we hope to have a minimal TLS configuration enabled by default, and for connections to prefer TLS by default. Let’s dig into the various aspects of this:
Prior to MySQL 5.7, the CREATE USER command had a number of limitations:
- No way to set both authentication plugin and password
- No way to disable a user
- No way to define user resource limitations
- No way to set a non-default password expiration policy
- No way to require SSL/x509
All of these things could be done through other means, but typically involved other statements, such as GRANT commands. Starting with MySQL 5.7.6, these can all be done through a new and improved CREATE USER syntax:
MySQL has provided support for proxy users since version 5.5, but the roles-like capabilities offered have been largely unnoticed until recently. Part of that has been due to limitations on which types of accounts could leverage proxy user capabilities. This changes with the release of MySQL Server 5.7.7 (Release Candidate), which includes support for proxy user mapping for the standard mysql_native_password and sha256_password authentication plugins. This post will introduce the new functionality and explain how to leverage it to emulate certain features of roles without any need for PAM or external authentication systems.
Last Wednesday, I spoke at the San Francisco MySQL Meetup on the topic of changes coming in MySQL 5.7 (and later). We actually went through two different slide decks; the first on features being considered for deprecation in MySQL 5.7 (or later), and the second set providing a brief overview of the new features and benefits already introduced in MySQL 5.7 via the development milestone releases (DMRs) published to date. A big thanks to the entire SF Meetup group, and in particular the organizers (Erin, Mike and Darren), for having me. The event was streamed and recorded, and you can view the full presentation on YouTube. The slide deck can be found here.
The discussion around proposed deprecation was good, and this blog serves to document my own notes about what was said – giving others an opportunity to provide additional feedback. Feel free to comment either to reinforce or offer alternative perspectives on the feedback noted. There’s also some post-presentation clarification mixed in: