Oracle University recently unveiled a new online training offering – the MySQL Learning Subscription. The combination of freely-accessible and compelling paid content makes this an exciting development to me, and should prove valuable to the community and customer base alike. This post will briefly explore this new MySQL educational resource.
A while back, I wrote a blog post explaining how
PERFORMANCE_SCHEMA improvements in MySQL Server 5.7 provides new visibility into the SSL/TLS status of each running client configuration. An excellent recent post from Frederic Descamps at Percona covers similar territory. Both of us use
PERFORMANCE_SCHEMA tables directly – a powerful interface, but one that requires a query joining multiple tables. Thanks to the excellent work of Mark Leith, and a contribution from Daniël van Eeden, access to this same information is made far easier via the
SYS schema. Continue reading SYS Schema: Simplified Access To SSL/TLS Details
MariaDB recently announced the migration of the JIRA bug tracking system from the current Atlassian-hosted instance to a self-hosted installation to be found at jira.mariadb.org. This likely isn’t a big deal to the community, and MariaDB is being very proactive in coordinating this change in the community – but it’s an opportunity for me to ask a few questions regarding MariaDB’s JIRA usage to which I can’t find answers. I certainly welcome answers, feedback or clarification from MariaDB staff.
Before getting started, I should say that I appreciate MariaDB – the product, the company, the staff and the foundation. MariaDB/SkySQL/Monty Programs serve a unique and useful purpose for community, users and staff who prefer not to deal with Oracle. I don’t view myself as a critic of MariaDB, and I consider a good number of MariaDB staff my friends. Getting a better understanding of how MariaDB operates the bug system is of interest to me, and perhaps the larger community as well. Continue reading Questions about MariaDB’s bug system
Transport Layer Security (TLS, also often referred to as SSL) is an important component of a secure MySQL deployment, but the complexities of properly generating the necessary key material and configuring the server dissuaded many users from completing this task. MySQL Server 5.7 simplifies this task for both Enterprise and Community users. Previous blog posts have detailed the changes supporting Enterprise builds; this blog post will focus on parallel improvements made to MySQL Community builds.
Knowing which privileges a given account has is easy – just issue SHOW GRANTS FOR user@host. But what about when you need visibility into privileges from the other direction – which accounts can access specific data? If you’re a DBA – or perform DBA duties, regardless of your title – you may have been asked this question. It’s an important question to ask in an audit or compliance review – but it can be a difficult question to answer. This post will walk through how to assess this, but if you’re impatient and need answers to this question immediately, jump to the end – there’s a simple shortcut. Continue reading Which accounts can access this data?
MySQL Connector/Java 5.1.38 was released earlier this week, and it includes a notable improvement related to secure connections. Here’s how the change log describes it:
When connecting to a MySQL server 5.7 instance that supports TLS, Connector/J now prefers a TLS over a plain TCP connection.
This mirrors changes made in 5.7 to the behavior of MySQL command-line clients and libmysql client library. Coupled with the streamlined/automatic generation of TLS key material to ensure TLS availability in MySQL Server 5.7 deployments, this is an important step towards providing secure communication in default deployments. Continue reading Secure Java Connections by Default
Secure communications is a core component of a robust security policy, and MySQL Server 5.7.10 – the first maintenance release of MySQL Server 5.7 – introduces needed improvements in this area. Support for TLS has been expanded from TLSv1.0 to include TLSv1.1 and TLSv1.2, default ciphers have been updated, and controls have been implemented allowing both server and client-side configuration of acceptable TLS protocol versions. This blog post will describe the changes, the context in which these changes were made, note important differences in capabilities between Community and Enterprise versions, and outline future plans. Continue reading SSL/TLS Improvements in MySQL 5.7.10
A key theme of the MySQL Server 5.7 release is much improved security. Earlier releases of MySQL 5.7 have introduced features supporting this initiative including automatic generation and detection of TLS key material and client-side preference for TLS connections. The recent MySQL 5.7.8 release builds upon this and provides additional monitoring and audit capabilities that make it easy to answer the question, “How secure are my client connections?”