OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

May 5, 2015Download as PPTX, PDF0 likes377 views

Georgi Kodinov presents on secure deployment changes in MySQL 5.7. The presentation covers recent trends towards more secure defaults, including having a single root account with an auto-generated, expired password and SSL encryption being enabled by default. Key changes for MySQL 5.7 are a single root account, SSL encryption by default, and tests and demos being separated from the main software package.

OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Secure Deployment Changes
in MySQL 5.7
Common problems and how do we intend to solve them
Georgi Kodinov
Team Lead, MySQL Server General Team

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Former banking IT Manager
• Veteran software developer
• Leading the MySQL Server General
development team
• Been with MySQL since 2006
• Regular MySQL conference
speaker
About Me

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Program Agenda
Recent trends in secure MySQL deployment
Secure deployment changes in MySQL 5.7
1
2
4

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Recent Trends in Secure MySQL Deployment
5

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Secure by Default !
• Help the novice user
• People now needing to explicitly relax security constraints
• Increases awareness and visibility of security issues
6
The “why”

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Secure by Default !
• mysql_secure_installation not needed on new installs !
• Single account with a random, expired password
• No test/demo databases and data in the server package
• Password strength validation plugin installed by default
• Self signed SSL CA/keys pre-generated if absent
• SSL encrypted connections by default
• Control over data import/export file system locations
• “Development” and “production” packages
7
The “how”

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Packaged in a Secure Way
• Careful use of the OS accounts
• All demo/test/example files in separate packages
• No default passwords
• Designated location data imported/exported through SQL commands
8

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Secure Deployment Changes in MySQL 5.7
9

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
A Single root@localhost Account
• Fully implemented in 5.7.7 (RC1)
• No root@<ip address>
• No anonymous accounts
• No test accounts
• With expired, auto-generated password
• Looking into using passwordless authentication where available
• FYI: Interactive installers will ask for a password
10

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
SSL Encryption by Default
• Fully implemented in 5.7.7 (RC1)
• SSL key material generated and set up at install time
– CA, server and client certificates and keys
• Clients attempting SSL connections by default
• A way to force SSL on the client side
11

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Security Conscious Package Layout
• Fully implemented in 5.7.7 (RC1)
• Tests and demos into a separate package
• A designated directory for OS file handling SQL commands
• Reviewed the use of OS accounts and permissions
12

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Non Security Related, But Noteworthy
13

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
The New Server –initialize* Option
• Heavy: mysql_install_db spawns the server in a weird mode
• Not platform independent
• Relying on external script files to bootstrap
14
Why ?

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
The New Server –initialize* Option
• Everything needed linked into the server
• No extra binaries
• Works with the server binary = all server’s startup options work
• Platform independent
• Two modes:
– --initialize: root account with expired auto-generated strong password
– --initialize-insecure: root account without a password (scripts)
• mysql_install_db still works, but deprecated
15
How ?

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Questions and Answers
16

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 17

This document discusses using the MySQL Performance Schema to monitor and troubleshoot database performance issues. The Performance Schema collects instrumentation data without additional threads or memory beyond server startup. It contains tables to track statements, stages, waits, I/O and more. The document reviews Performance Schema options, tables and how to view summary statistics. Installing the SYS schema provides helpful views and stored procedures for exploring performance data in the Performance Schema.

MySQL Tech Tour 2015 - 5.7 SecurityMark Swarbrick

- 43% of companies experienced a data breach in the past year, with major breaches exposing over 500 million identities in 2013 alone. Cybercrime costs the global economy $575 billion per year. - The 2013 Target breach exposed 40 million credit/debit cards and 70 million customer records, costing $270 million. A major data breach is discovered every month. - Database vulnerabilities include poor configurations, overprivileged accounts, weak access controls, authentication and auditing. Attacks include SQL injection, buffer overflows, brute force attacks and malware. Malicious actions can cause information disclosure, denial of service, privilege escalation, spoofing and data tampering.

01 demystifying mysq-lfororacledbaanddeveloperv1Ivan Ma

This document provides an overview of MySQL for Oracle DBAs and developers, presented by Ivan Ma. It covers installing and securing MySQL, performance tuning techniques like using the Performance Schema and MySQL Enterprise Monitor tools. It also discusses using MySQL for NoSQL workloads through technologies like Memcached and MySQL Cluster, which provide scalable in-memory access and integration with the relational database. The document aims to help Oracle experts understand and get the most out of MySQL.

MySQL SecurityMario Beck

Openfest15 MySQL Plugin DevelopmentGeorgi Kodinov

MySQL Intro JSON NoSQLMark Swarbrick

This document provides an overview of MySQL and how to get the most out of it. It discusses when MySQL is a good choice, how to scale MySQL for different use cases, and how to ensure high availability and performance. It also covers MySQL Fabric for sharding and high availability, and new features in MySQL like support for JSON and key-value stores. The presentation aims to help users understand how to choose and optimize MySQL for their needs.

MySQL 5.7: Focus on ReplicationMario Beck

Mysql security 5.7 Mark Swarbrick

This document discusses database security and the growing threat of data breaches. It notes that 43% of companies experienced a data breach in the past year, and that 552 million identities were exposed in 2013, a 493% increase from the previous year. The document outlines common database vulnerabilities and attacks, and recommends strategies like access controls, encryption, monitoring and firewalls to enhance database security and prevent breaches.

MySQL High Availibility SolutionsMark Swarbrick

The document discusses high availability (HA) solutions for MySQL databases. It provides an overview of various MySQL HA technologies including replication, MySQL Fabric, Oracle Clusterware, Windows clustering, Solaris clustering, and DRBD. It also discusses MySQL Cluster and how it provides features such as high performance, high scalability, real-time capabilities, and 99.999% availability through its distributed architecture and data sharding. Several customer examples using MySQL Cluster for mission critical applications are also provided.

MySQL Tech Tour 2015 - 5.7 Connector/J/NetMark Swarbrick

MySQL Manchester TT - Replication FeaturesMark Swarbrick

The document is a presentation about replication features in MySQL 5.7 given at Percona Live in Amsterdam. It provides background on replication components like binary logs and replicas. It then discusses new usability and online features for replication in MySQL 5.7 like online reconfiguration of global transaction identifiers to allow configuration changes without downtime. The presentation outlines these new features and previews upcoming lab developments and the future roadmap.

MySQL Tech Tour 2015 - Alt IntroMark Swarbrick

This document provides summaries of updates and new releases for MySQL products between 2010 and 2015. It highlights improvements made under Oracle stewardship, including doubling the engineering staff. New generally available releases include MySQL 5.7, MySQL Cluster 7.4, MySQL Workbench 6.2, and MySQL Enterprise Encryption. Performance gains of up to 47% were achieved in MySQL Cluster 7.4 compared to previous versions.

Upgrading to my sql 8.0Ståle Deraas

MySQL The State of the Dolphin - jun15MySQL Brasil

MySQL in Oracle environment : Quick start guide for Oracle DBA (Part 1)OracleMySQL

You are an IT manager or Oracle DBA, comfortable and successful with your knowledge of how to keep an Oracle database up and running. One day, you find out you’ll now be supporting a popular MySQL database application. No one in your team has MySQL expertise and you have no budget to hire. This slides covers the different use cases for MySQL and Oracle Database, as well as the tools to manage both databases. Additionally, the presentation spotlights top MySQL solutions for high availability, disaster recovery, and high-level security to protect your databases and business. You’ll also see the advantages of managing a MySQL database side by side with an Oracle database in the Oracle Public Cloud with the push-button ease of the MySQL Cloud Service.

MySQL Performance Tuning 101 (Bahasa)OracleMySQL

Dalam webinar ini, kami mengajak anda untuk mengenal proses tuning performa MySQL database. Kita akan melakukan review best practices, opsi konfigurasi yg penting, diskusi ttg inisial MySQL config file, monitoring dan lain lain. Mari mengenal bagaimana menemukan kueri yang paling membutuhkan optimasi menggunakan laporan kinerja di MySQL Workbench, MySQL Enterprise Monitor, atau melalui sys schema.

MySQL Enterprise Edition OverviewMario Beck

The document discusses MySQL Enterprise Edition and its management tools and advanced features. It provides an overview of MySQL Enterprise Monitor for monitoring MySQL performance and availability, MySQL Enterprise Backup for backups, and MySQL Workbench for migrations, auditing and backups. It also covers advanced features in MySQL Enterprise like the thread pool for improved scalability, security features like encryption and authentication, and integration with Oracle products.

MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...OracleMySQL

This document discusses how Oracle Enterprise Manager can be used to manage MySQL databases. It provides an overview of how MySQL Enterprise Monitor and Oracle Enterprise Manager integrate to provide monitoring of MySQL performance metrics, configuration monitoring, replication monitoring, query analysis, security management, and other capabilities from a single dashboard. It also discusses how to install and set up both MySQL Enterprise Monitor and the Oracle Enterprise Manager MySQL plugin.

Introduction to Oracle Infrastructure as a ServiceTimothy Krupinski

Netherlands Tech Tour - 06 MySQL Enterprise MonitorMark Swarbrick

This document provides an overview of MySQL Enterprise Monitor, a tool for monitoring and managing MySQL database performance. It discusses key features like real-time monitoring of MySQL performance and availability, query analysis capabilities to identify poorly performing queries, and disk monitoring for capacity planning. The document also highlights new features in version 3.0 such as auto-scheduling of monitoring policies and zero configuration query analysis using MySQL Performance Schema.

MySQL 5.7: What's New, Nov. 2015Mario Beck

Sql tuning tools of the tradeEnkitec

This document compares and contrasts three common SQL tuning tools: SQLTXPLAIN, SQLHC, and stand-alone scripts. SQLTXPLAIN provides a robust set of diagnostic reports and automatic test case extraction but requires installing schemas. SQLHC provides most common diagnostics and installs nothing on the database. Stand-alone scripts offer specialized diagnostics like execution plans and install nothing on the database.

Robust easy affordable disaster recovery for MySQL DataOracleMySQL

Priscila Galvao, a MySQL Solutions Engineer, presented on disaster recovery options for MySQL data. The presentation discussed how backup is the first step but not sufficient on its own for protection against disasters. It introduced disaster recovery plans and options like cloud backup and disaster recovery to Oracle Cloud's MySQL service in active-standby or active-active configurations. Benefits highlighted included conserving resources, faster response times, flexibility, security, and support.

Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13cAlfredo Krieg

1) Oracle Enterprise Manager allows users to clone Oracle databases in minutes without risk by using its snap clone functionality. 2) Snap clones provide rapid, space efficient cloning of databases across storage systems. They also enable integrated database lifecycle management. 3) Enterprise Manager provides both administrator-driven and self-service user workflows for creating snap clones of databases for testing and development.

Oracle Traffic Director - a vital part of your Oracle infrastructureSimon Haslam

MySQL & Oracle Linux Keynote at Open Source India 2014Sanjay Manwani

Intro to sqlParesh Motiwala, PMP®

MySQL Enterprise MonitorMario Beck

The document discusses MySQL Enterprise Monitor, an application that monitors MySQL database performance. It provides an overview of the product's architecture and features, how to install and configure it, and the benefits it provides, such as real-time performance monitoring, identifying problematic queries through query analysis, and advising on issues. It also notes how the tool helps improve performance, scalability, agility, productivity and reduce costs and risks for MySQL databases.

Using MySQL in Automated TestingMorgan Tocker

This document discusses using MySQL in automated testing. It covers various tools that can be used to automate and manage database deployments as part of testing, including pt-online-schema-change, MySQL Sandbox, SYS, Outbrain Propagator, Liquibase, ORM migrations, and libeatmydata. It also discusses considerations for different MySQL versions, such as online DDL support being introduced in MySQL 5.6. The document aims to demonstrate that databases can and should be automated and treated as first-class citizens in testing environments.

MySQL 5.7 + JavaMark Swarbrick

More Related Content

What's hot (20)

MySQL High Availibility SolutionsMark Swarbrick

MySQL Tech Tour 2015 - 5.7 Connector/J/NetMark Swarbrick

MySQL Manchester TT - Replication FeaturesMark Swarbrick

MySQL Tech Tour 2015 - Alt IntroMark Swarbrick

Upgrading to my sql 8.0Ståle Deraas

MySQL The State of the Dolphin - jun15MySQL Brasil

MySQL in Oracle environment : Quick start guide for Oracle DBA (Part 1)OracleMySQL

MySQL Performance Tuning 101 (Bahasa)OracleMySQL

MySQL Enterprise Edition OverviewMario Beck

MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...OracleMySQL

Introduction to Oracle Infrastructure as a ServiceTimothy Krupinski

Netherlands Tech Tour - 06 MySQL Enterprise MonitorMark Swarbrick

MySQL 5.7: What's New, Nov. 2015Mario Beck

Sql tuning tools of the tradeEnkitec

Robust easy affordable disaster recovery for MySQL DataOracleMySQL

Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13cAlfredo Krieg

Oracle Traffic Director - a vital part of your Oracle infrastructureSimon Haslam

MySQL & Oracle Linux Keynote at Open Source India 2014Sanjay Manwani

Intro to sqlParesh Motiwala, PMP®

MySQL Enterprise MonitorMario Beck

MySQL High Availibility SolutionsMark Swarbrick

MySQL Tech Tour 2015 - 5.7 Connector/J/NetMark Swarbrick

MySQL Manchester TT - Replication FeaturesMark Swarbrick

MySQL Tech Tour 2015 - Alt IntroMark Swarbrick

Upgrading to my sql 8.0Ståle Deraas

MySQL The State of the Dolphin - jun15MySQL Brasil

MySQL in Oracle environment : Quick start guide for Oracle DBA (Part 1)OracleMySQL

MySQL Performance Tuning 101 (Bahasa)OracleMySQL

MySQL Enterprise Edition OverviewMario Beck

MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...OracleMySQL

Introduction to Oracle Infrastructure as a ServiceTimothy Krupinski

Netherlands Tech Tour - 06 MySQL Enterprise MonitorMark Swarbrick

MySQL 5.7: What's New, Nov. 2015Mario Beck

Sql tuning tools of the tradeEnkitec

Robust easy affordable disaster recovery for MySQL DataOracleMySQL

Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13cAlfredo Krieg

Oracle Traffic Director - a vital part of your Oracle infrastructureSimon Haslam

MySQL & Oracle Linux Keynote at Open Source India 2014Sanjay Manwani

Intro to sqlParesh Motiwala, PMP®

MySQL Enterprise MonitorMario Beck

Similar to OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7 (20)

Using MySQL in Automated TestingMorgan Tocker

MySQL 5.7 + JavaMark Swarbrick

2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 Geir Høydalsvik

MySQL 5.7 includes many new features and improvements such as faster performance, easier configuration and management, and enhanced security. It provides benefits like increased speed for queries, replication, and data compression as well as new capabilities for JSON data, spatial indexing, and instrumentation. Oracle presented benchmarks showing MySQL 5.7 is up to 6 times faster than previous versions.

MySQL for Oracle DBAsBen Krug

MySQL Manchester TT - Performance TuningMark Swarbrick

This document provides an overview of MySQL server performance tuning. It discusses laying the foundation for performance tuning by examining the server, OS, network and filesystem. It also covers examining current server settings and status variables, and tuning various aspects of MySQL like InnoDB, MyISAM, queries and session settings. The document aims to provide guidance on areas to optimize to improve MySQL server performance.

1 my sql20151219-kaji_ivanIvan Tu

The document summarizes new features and enhancements in the new generation MySQL, including better performance, scalability, availability, security, and richer functionality. It provides performance test results showing significant speed improvements over previous MySQL versions. It also discusses improvements to the optimizer, more online operations for InnoDB, multi-source replication, high availability solutions like MySQL Cluster and Fabric, and enhanced security features.

Oracle Database In-Memory Advisor (English)Ileana Somesan

MySQL Day Paris 2018 - Upgrade from MySQL 5.7 to MySQL 8.0Olivier DASINI

MySQL SecurityTed Wennmark

This document discusses database security and best practices for securing MySQL databases. It covers common database vulnerabilities like poor configurations, weak authentication, lack of encryption, and improper credential management. It also discusses database attacks like SQL injection and brute force attacks. The document provides recommendations for database administrators to properly configure access controls, encryption, auditing, backups and monitoring to harden MySQL databases.

MySQL Enterprise PortfolioAbel Flórez

Melhore o Desenvolvimento do Time com DevOps na NuvemBruno Borges

The document discusses Oracle Developer Cloud Service and how it helps development teams. It describes the challenges development organizations face around costs, processes and managing teams. It then provides an overview of DevOps and the ideal solution. Oracle Developer Cloud Service is presented as providing an integrated DevOps platform that streamlines development activities from source control to deployment. It allows teams to better collaborate and manage projects. A case study describes how a large distributed team leverages Developer Cloud Service for source management, code reviews, continuous integration and deployment to the cloud.

Using MySQL Enterprise Monitor for Continuous Performance ImprovementMark Matthews

MySQL Enterprise Monitor is built from the ground up to support DevOps DBAs and developers. From five scenarios based on real-world issues encountered by customers, learn how you can use the power features of query analysis and statistical visualization in MySQL Enterprise Monitor to diagnose and fix MySQL performance problems. Then learn how to apply these features in a continuous fashion as a valuable addition to your DevOps toolbox.

2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov

The document provides guidance on securing MySQL deployments. It outlines steps to harden a MySQL installation after installation, including running mysql_secure_installation, generating SSL keys, enabling query logging and backups. It also recommends removing unnecessary accounts and plugins. Additional security measures discussed include using SSL, external authentication, and login paths. The document notes new security features in MySQL 5.7 such as an audit log plugin and automatic password expiration.

MySQL for Oracle DBAsMario Beck

NoSQL no MySQL 5.7MySQL Brasil

MySQL London Tech Tour March 2015 - Embedded Database of ChoiceMark Swarbrick

This document summarizes MySQL, the popular open-source database. It notes that MySQL has over 15 million active installations, is embedded by over 3,000 ISVs and OEMs, and has seen increased investment since being acquired by Oracle in 2010. Key benefits outlined include low costs, high performance and scalability, flexibility across platforms, and high availability even with commodity hardware. The document promotes MySQL for its ability to reduce database risks and costs for embedded, on-premise, and cloud applications.

Oracle Enterprise Manager for MySQLMario Beck

This document provides an overview of Oracle Enterprise Manager and how it integrates MySQL monitoring and management. It discusses how the MySQL plugin allows Oracle Enterprise Manager to provide a single dashboard to manage Oracle and MySQL stacks. Key features covered include performance monitoring, configuration management, and integration with other Oracle products. The benefits of MySQL Enterprise Edition are also summarized.

MySQL 5.7 -- SCaLE Feb 2014Dave Stokes

This document summarizes a presentation about new features and changes coming in MySQL 5.7. Key points include: MySQL 5.7 will include performance improvements, more robust transaction handling and memory instrumentation. However, some backwards incompatible changes will be needed to improve the architecture. The presentation outlines several proposed changes, such as making replication more durable by default and changing the default SQL mode to STRICT. It also discusses new features for InnoDB and the optimizer.

10 Razões para Usar MySQL em StartupsMySQL Brasil

O MySQL é o banco de dados open source mais popular do mundo, usado em grandes websites como Facebook, Youtube, Twitter, Globo.com e também em aplicações mobile e embarcadas. Um fato que surpreende é que estes grandes websites desde seus primórdios se apoiam no MySQL como principal tecnologia de armazenamento de dados. No Vale do Silício (EUA), o MySQL continua forte e crescendo em popularidade. Nesta palestra destacaremos os principais motivos que levam as Start Ups Web a utilizar o MySQL, além de apresentar um guia prático de como começar a desenvolver com MySQL.

Oracle OpenWorld - Getting started with MySQL ClusterBenedita Paúl Vasconcelos

MySQL Cluster is a proven technology that today is successfully servicing the most performance-intensive workloads. MySQL Cluster is deployed across telecom networks and is powering mission-critical web applications. Without trading off use of commodity hardware, transactional consistency and use of complex queries, MySQL Cluster provides: - Web Scalability (web-scale performance on both reads and writes) - Carrier Grade Availability (99.999%) - Developer Agility (freedom to use SQL or NoSQL access methods) MySQL Cluster is recommended in the situations where: - It is crucial to reduce service downtime, because this produces a heavy impact on business - Sharding the database to scale write performance highly impacts development of application (in MySQL Cluster the sharding is automatic and transparent to the application) - There are real-time responses needs - There are unpredictable scalability demands - It is important to have data-access flexibility (SQL & NoSQL) From a practical point of view the HOL's steps were: - Installation of MySQL Cluster - Start & Monitoring of MySQL Cluster - Connecting to MySQL Cluster - Overview of MySQL Cluster’s Admin Commands & Operations

Using MySQL in Automated TestingMorgan Tocker

MySQL 5.7 + JavaMark Swarbrick

2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 Geir Høydalsvik

MySQL for Oracle DBAsBen Krug

MySQL Manchester TT - Performance TuningMark Swarbrick

1 my sql20151219-kaji_ivanIvan Tu

Oracle Database In-Memory Advisor (English)Ileana Somesan

MySQL Day Paris 2018 - Upgrade from MySQL 5.7 to MySQL 8.0Olivier DASINI

MySQL SecurityTed Wennmark

MySQL Enterprise PortfolioAbel Flórez

Melhore o Desenvolvimento do Time com DevOps na NuvemBruno Borges

Using MySQL Enterprise Monitor for Continuous Performance ImprovementMark Matthews

2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov

MySQL for Oracle DBAsMario Beck

NoSQL no MySQL 5.7MySQL Brasil

MySQL London Tech Tour March 2015 - Embedded Database of ChoiceMark Swarbrick

Oracle Enterprise Manager for MySQLMario Beck

MySQL 5.7 -- SCaLE Feb 2014Dave Stokes

10 Razões para Usar MySQL em StartupsMySQL Brasil

Oracle OpenWorld - Getting started with MySQL ClusterBenedita Paúl Vasconcelos

More from Georgi Kodinov (20)

2024 RoOUG Security model for the cloud.pptxGeorgi Kodinov

2023 TurnovoConf MySQL Authentication.pptxGeorgi Kodinov

2022 TurnovoConf MySQL за начинаещи.pptxGeorgi Kodinov

OpenSUSE Conf 2020 MySQL CloneGeorgi Kodinov

The document describes MySQL Clone, a plugin that allows users to easily create a replica of a MySQL database instance. The plugin takes a snapshot of the source database with consistent transaction and binary log information. It then copies the data, files, and redo logs to the recipient server, creating an identical replica. The clone operation is resumable if network failures occur. Various stages of the cloning process can be monitored via performance schema tables. The plugin provides a simple way to provision new replication nodes or re-provision returning nodes.

2020 pre fosdem mysql cloneGeorgi Kodinov

The document introduces MySQL Clone, a plugin that provides a simple way to create a replica of a MySQL instance. It allows cloning data locally or remotely from a "donor" server to a "recipient" server. The cloning process happens in stages, copying data files, page IDs, and redo logs to keep the recipient synchronized. Monitoring can be done via the performance_schema to check the clone's progress and status. Variables control resources used and networking during the clone operation. It is intended to provision new replication nodes and re-provision returning nodes.

2019 BGOUG Autumn MySQL CloneGeorgi Kodinov

This document introduces MySQL Clone, a new plugin that provides a simple way to create consistent replicas of a MySQL database instance. It allows cloning data from a "donor" server to a new "recipient" server. The clone operation produces a replica with matching binary log positions and transactional consistency. It is faster than traditional replication and supports resuming interrupted clones. MySQL Clone can be used to provision new replication nodes or re-provision existing nodes.

2019 indit blackhat_honeypot your database serverGeorgi Kodinov

This document discusses using a honeypot technique to detect unauthorized access to a database. It presents an audit plugin called audit_tripwire that can be installed on a MySQL database. The plugin monitors for any non-administrator users accessing predefined "attractive" tables and logs a warning. It then prevents further commands on the database by that user until an administrator intervenes. The document provides example code of how the plugin works and instructions for compiling, installing, and testing it on a sample database.

PLe19 How To Instrument Your Code in performance_schemaGeorgi Kodinov

Georgi Kodinov gave a presentation on instrumenting code in the MySQL Performance Schema. He discussed why developers should instrument their code, how to do so, and the mechanics behind it. Instrumenting code provides insight into resource usage and makes code more debuggable and portable. It also exposes extra information to users and administrators. The Performance Schema allows adding new tables from components to store volatile data beyond just performance metrics.

DevTalks.ro 2019 What's New in MySQL 8.0 SecurityGeorgi Kodinov

This document discusses new security features in MySQL 8.0 and MySQL Enterprise Edition. It begins with an overview of MySQL security architecture including authentication, authorization, encryption, firewalls, auditing, and new masking/de-identification features. New features in MySQL 8.0 include roles for improving access controls, atomic ACL statements, and dynamic privileges. MySQL Enterprise Edition includes new data masking, de-identification and random data generation features. The document also discusses authentication, encryption, password features and a new security model for cloud deployments.

DevTalks.ro 2019 MySQL Data Masking TalkGeorgi Kodinov

This document discusses MySQL data masking and provides an overview of MySQL Enterprise masking capabilities. It explains that data masking hides original data with random characters or data in order to comply with regulations and reduce the cost of data breaches. MySQL Enterprise masking allows for string masking, random data generation, dictionary-based replacement and masking of specific data types like credit cards and social security numbers. The presentation concludes with asking for any questions or suggestions.

FOSDEM19 MySQL Component InfrastructureGeorgi Kodinov

The document discusses MySQL's new component infrastructure introduced in version 8.0. It aims to simplify and modularize MySQL's codebase through better isolation, encapsulation and explicit dependencies between components. The architecture utilizes core components like a registry and dynamic loader to manage other components at runtime. The document outlines concepts like components, services, and implementations, and provides guidance on how to create new components and services that integrate with the component infrastructure.

MySQL Enterprise Data MaskingGeorgi Kodinov

Percona Live Europe 2018: What's New in MySQL 8.0 SecurityGeorgi Kodinov

In this session get an overview of all the new security features in MySQL 8.0 and how they fit together to answer the modern security challenges. MySQL 8 takes a new step in tightening the security of MySQL installations and provides new and flexible tools including a brand new default authentication method, SQL roles, enhancements in transparent disk encryption, and modern password controls on password reuse, complexity, and brute force password guessing.

How to add stuff to MySQLGeorgi Kodinov

The document discusses four main ways to add new functionality to MySQL: user defined functions (UDFs), plugins, components, and pull requests. UDFs allow adding SQL callable functions and are the basic/easy way. Plugins were the old way but are more complex with loading/unloading issues. Components are the new preferred way as they are extensible and allow communication between parts. Pull requests involve contributing code changes to MySQL source code and are for advanced users.

Pl18 saving bandwidthGeorgi Kodinov

This document discusses efforts to reduce bandwidth usage when retrieving data from a MySQL database. It describes how metadata packets increase the size of the response from a SELECT query. The team implemented changes that allow clients to request data without metadata, reducing response sizes by over 300% in some cases. The changes were a collaborative effort between Oracle, Twitter, Facebook, and others.

BGOUG17: Cloudy with a chance of MySQLGeorgi Kodinov

The document discusses Oracle's MySQL Cloud Service, which provides MySQL as a database-as-a-service on Oracle Public Cloud. The service handles backups, patching, monitoring and other maintenance tasks, providing MySQL with Enterprise Edition features. It offers automated provisioning, elastic scaling, high availability, security features, and tools for backup/restore, administration and data access. The document includes demos of creating an instance, administration, restoring from backup, command line access, and scaling instances.

Pl17: MySQL 8.0: securityGeorgi Kodinov

Fosdem17 honeypot your database serverGeorgi Kodinov

This document discusses using a honeypot database technique called "audit tripwire" to detect unauthorized access attempts. It describes creating a plugin that monitors access to a predefined "attractive" table and logs a warning if a non-administrator account accesses it, blocking further queries. The document provides example code for the plugin and steps to compile, install, and test it by granting a test user access where they can view database and table information but are blocked from reading the table contents.

2016 oSC MySQL FirewallGeorgi Kodinov

MySQL Firewall is an application level firewall filter that intercepts incoming queries and validates them against a database of normalized "safe" queries. As an integral part of the server it takes advantage of the parsing and normalization that is done anyway so it has minimal impact on normal operations. The firewall has multiple modes. In learning mode it collects the incoming query normalization in a scratchpad that can be persisted to disk. In alert mode it will just alert the DBA for an unknown query but still let it pass. And in protecting mode it will reject all unknown queries. The firewall can be used to limit SQL injection or as a complement to the privilege system to support only particular front end applications. We will go through all of the stages of installing, training and arming the MySQL firewall with understandable examples.

OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov

2024 RoOUG Security model for the cloud.pptxGeorgi Kodinov

2023 TurnovoConf MySQL Authentication.pptxGeorgi Kodinov

2022 TurnovoConf MySQL за начинаещи.pptxGeorgi Kodinov

OpenSUSE Conf 2020 MySQL CloneGeorgi Kodinov

2020 pre fosdem mysql cloneGeorgi Kodinov

2019 BGOUG Autumn MySQL CloneGeorgi Kodinov

2019 indit blackhat_honeypot your database serverGeorgi Kodinov

PLe19 How To Instrument Your Code in performance_schemaGeorgi Kodinov

DevTalks.ro 2019 What's New in MySQL 8.0 SecurityGeorgi Kodinov

DevTalks.ro 2019 MySQL Data Masking TalkGeorgi Kodinov

FOSDEM19 MySQL Component InfrastructureGeorgi Kodinov

MySQL Enterprise Data MaskingGeorgi Kodinov

Percona Live Europe 2018: What's New in MySQL 8.0 SecurityGeorgi Kodinov

How to add stuff to MySQLGeorgi Kodinov

Pl18 saving bandwidthGeorgi Kodinov

BGOUG17: Cloudy with a chance of MySQLGeorgi Kodinov

Pl17: MySQL 8.0: securityGeorgi Kodinov

Fosdem17 honeypot your database serverGeorgi Kodinov

2016 oSC MySQL FirewallGeorgi Kodinov

OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov

Recently uploaded (20)

Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Dele Amefo

Adobe Master Collection CC Crack Advance Version 2025kashifyounis067

🌍📱👉COPY LINK & PASTE ON GOOGLE http://drfiles.net/ 👈🌍 Adobe Master Collection CC (Creative Cloud) is a comprehensive subscription-based package that bundles virtually all of Adobe's creative software applications. It provides access to a wide range of tools for graphic design, video editing, web development, photography, and more. Essentially, it's a one-stop-shop for creatives needing a broad set of professional tools. Key Features and Benefits: All-in-one access: The Master Collection includes apps like Photoshop, Illustrator, InDesign, Premiere Pro, After Effects, Audition, and many others. Subscription-based: You pay a recurring fee for access to the latest versions of all the software, including new features and updates. Comprehensive suite: It offers tools for a wide variety of creative tasks, from photo editing and illustration to video editing and web development. Cloud integration: Creative Cloud provides cloud storage, asset sharing, and collaboration features. Comparison to CS6: While Adobe Creative Suite 6 (CS6) was a one-time purchase version of the software, Adobe Creative Cloud (CC) is a subscription service. CC offers access to the latest versions, regular updates, and cloud integration, while CS6 is no longer updated. Examples of included software: Adobe Photoshop: For image editing and manipulation. Adobe Illustrator: For vector graphics and illustration. Adobe InDesign: For page layout and desktop publishing. Adobe Premiere Pro: For video editing and post-production. Adobe After Effects: For visual effects and motion graphics. Adobe Audition: For audio editing and mixing.

Solidworks Crack 2025 latest new + license codeaneelaramzan63

Exploring Wayland: A Modern Display Server for the FutureICS

Revolutionizing Residential Wi-Fi PPT.pptxnidhisingh691197

Automation Techniques in RPA - UiPath CertificateVICTOR MAESTRE RAMIREZ

Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsBradBedford3

Join Ajay Sarpal and Miray Vu to learn about key Marketo Engage enhancements. Discover improved in-app Salesforce CRM connector statistics for easy monitoring of sync health and throughput. Explore new Salesforce CRM Synch Dashboards providing up-to-date insights into weekly activity usage, thresholds, and limits with drill-down capabilities. Learn about proactive notifications for both Salesforce CRM sync and product usage overages. Get an update on improved Salesforce CRM synch scale and reliability coming in Q2 2025. Key Takeaways: Improved Salesforce CRM User Experience: Learn how self-service visibility enhances satisfaction. Utilize Salesforce CRM Synch Dashboards: Explore real-time weekly activity data. Monitor Performance Against Limits: See threshold limits for each product level. Get Usage Over-Limit Alerts: Receive notifications for exceeding thresholds. Learn About Improved Salesforce CRM Scale: Understand upcoming cloud-based incremental sync.

Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIdanshalev

If we were building a GenAI stack today, we'd start with one question: Can your retrieval system handle multi-hop logic? Trick question, b/c most can’t. They treat retrieval as nearest-neighbor search. Today, we discussed scaling #GraphRAG at AWS DevOps Day, and the takeaway is clear: VectorRAG is naive, lacks domain awareness, and can’t handle full dataset retrieval. GraphRAG builds a knowledge graph from source documents, allowing for a deeper understanding of the data + higher accuracy.

Why Orangescrum Is a Game Changer for Construction Companies in 2025Orangescrum

How to Optimize Your AWS Environment for Improved Cloud PerformanceThousandEyes

Societal challenges of AI: biases, multilinguism and sustainabilityJordi Cabot

Exploring Code Comprehension in Scientific Programming: Preliminary Insight...University of Hawai‘i at Mānoa

This presentation explores code comprehension challenges in scientific programming based on a survey of 57 research scientists. It reveals that 57.9% of scientists have no formal training in writing readable code. Key findings highlight a "documentation paradox" where documentation is both the most common readability practice and the biggest challenge scientists face. The study identifies critical issues with naming conventions and code organization, noting that 100% of scientists agree readable code is essential for reproducible research. The research concludes with four key recommendations: expanding programming education for scientists, conducting targeted research on scientific code quality, developing specialized tools, and establishing clearer documentation guidelines for scientific software. Presented at: The 33rd International Conference on Program Comprehension (ICPC '25) Date of Conference: April 2025 Conference Location: Ottawa, Ontario, Canada Preprint: https://arxiv.org/abs/2501.10037

Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Eric D. Schabell

It's time you stopped letting your telemetry data pressure your budgets and get in the way of solving issues with agility! No more I say! Take back control of your telemetry data as we guide you through the open source project Fluent Bit. Learn how to manage your telemetry data from source to destination using the pipeline phases covering collection, parsing, aggregation, transformation, and forwarding from any source to any destination. Buckle up for a fun ride as you learn by exploring how telemetry pipelines work, how to set up your first pipeline, and exploring several common use cases that Fluent Bit helps solve. All this backed by a self-paced, hands-on workshop that attendees can pursue at home after this session (https://o11y-workshops.gitlab.io/workshop-fluentbit).

Who Watches the Watchmen (SciFiDevCon 2025)Allon Mureinik

Tests, especially unit tests, are the developers’ superheroes. They allow us to mess around with our code and keep us safe. We often trust them with the safety of our codebase, but how do we know that we should? How do we know that this trust is well-deserved? Enter mutation testing – by intentionally injecting harmful mutations into our code and seeing if they are caught by the tests, we can evaluate the quality of the safety net they provide. By watching the watchmen, we can make sure our tests really protect us, and we aren’t just green-washing our IDEs to a false sense of security. Talk from SciFiDevCon 2025 https://www.scifidevcon.com/courses/2025-scifidevcon/contents/680efa43ae4f5

Kubernetes_101_Zero_to_Platform_Engineer.pptxCloudScouts

Avast Premium Security Crack FREE Latest Version 2025mu394968

🌍📱👉COPY LINK & PASTE ON GOOGLE https://dr-kain-geera.info/👈🌍 Avast Premium Security is a paid subscription service that provides comprehensive online security and privacy protection for multiple devices. It includes features like antivirus, firewall, ransomware protection, and website scanning, all designed to safeguard against a wide range of online threats, according to Avast. Key features of Avast Premium Security: Antivirus: Protects against viruses, malware, and other malicious software, according to Avast. Firewall: Controls network traffic and blocks unauthorized access to your devices, as noted by All About Cookies. Ransomware protection: Helps prevent ransomware attacks, which can encrypt your files and hold them hostage. Website scanning: Checks websites for malicious content before you visit them, according to Avast. Email Guardian: Scans your emails for suspicious attachments and phishing attempts. Multi-device protection: Covers up to 10 devices, including Windows, Mac, Android, and iOS, as stated by 2GO Software. Privacy features: Helps protect your personal data and online privacy. In essence, Avast Premium Security provides a robust suite of tools to keep your devices and online activity safe and secure, according to Avast.

Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...AxisTechnolabs

Interactive Odoo Dashboard for various business needs can provide users with dynamic, visually appealing dashboards tailored to their specific requirements. such a module that could support multiple dashboards for different aspects of a business ✅Visit And Buy Now : https://bit.ly/3VojWza ✅This Interactive Odoo dashboard module allow user to create their own odoo interactive dashboards for various purpose. App download now : Odoo 18 : https://bit.ly/3VojWza Odoo 17 : https://bit.ly/4h9Z47G Odoo 16 : https://bit.ly/3FJTEA4 Odoo 15 : https://bit.ly/3W7tsEB Odoo 14 : https://bit.ly/3BqZDHg Odoo 13 : https://bit.ly/3uNMF2t Try Our website appointment booking odoo app : https://bit.ly/3SvNvgU 👉Want a Demo ?📧 [email protected] ➡️Contact us for Odoo ERP Set up : 091066 49361 👉Explore more apps: https://bit.ly/3oFIOCF 👉Want to know more : 🌐 https://www.axistechnolabs.com/ #odoo #odoo18 #odoo17 #odoo16 #odoo15 #odooapps #dashboards #dashboardsoftware #odooerp #odooimplementation #odoodashboardapp #bestodoodashboard #dashboardapp #odoodashboard #dashboardmodule #interactivedashboard #bestdashboard #dashboard #odootag #odooservices #odoonewfeatures #newappfeatures #odoodashboardapp #dynamicdashboard #odooapp #odooappstore #TopOdooApps #odooapp #odooexperience #odoodevelopment #businessdashboard #allinonedashboard #odooproducts

Maxon CINEMA 4D 2025 Crack FREE Download LINKyounisnoman75

⭕️➡️ FOR DOWNLOAD LINK : http://drfiles.net/ ⬅️⭕️ Maxon Cinema 4D 2025 is the latest version of the Maxon's 3D software, released in September 2024, and it builds upon previous versions with new tools for procedural modeling and animation, as well as enhancements to particle, Pyro, and rigid body simulations. CG Channel also mentions that Cinema 4D 2025.2, released in April 2025, focuses on spline tools and unified simulation enhancements. Key improvements and features of Cinema 4D 2025 include: Procedural Modeling: New tools and workflows for creating models procedurally, including fabric weave and constellation generators. Procedural Animation: Field Driver tag for procedural animation. Simulation Enhancements: Improved particle, Pyro, and rigid body simulations. Spline Tools: Enhanced spline tools for motion graphics and animation, including spline modifiers from Rocket Lasso now included for all subscribers. Unified Simulation & Particles: Refined physics-based effects and improved particle systems. Boolean System: Modernized boolean system for precise 3D modeling. Particle Node Modifier: New particle node modifier for creating particle scenes. Learning Panel: Intuitive learning panel for new users. Redshift Integration: Maxon now includes access to the full power of Redshift rendering for all new subscriptions. In essence, Cinema 4D 2025 is a major update that provides artists with more powerful tools and workflows for creating 3D content, particularly in the fields of motion graphics, VFX, and visualization.

How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...Egor Kaleynik

This case study explores how we partnered with a mid-sized U.S. healthcare SaaS provider to help them scale from a successful pilot phase to supporting over 10,000 users—while meeting strict HIPAA compliance requirements. Faced with slow, manual testing cycles, frequent regression bugs, and looming audit risks, their growth was at risk. Their existing QA processes couldn’t keep up with the complexity of real-time biometric data handling, and earlier automation attempts had failed due to unreliable tools and fragmented workflows. We stepped in to deliver a full QA and DevOps transformation. Our team replaced their fragile legacy tests with Testim’s self-healing automation, integrated Postman and OWASP ZAP into Jenkins pipelines for continuous API and security validation, and leveraged AWS Device Farm for real-device, region-specific compliance testing. Custom deployment scripts gave them control over rollouts without relying on heavy CI/CD infrastructure. The result? Test cycle times were reduced from 3 days to just 8 hours, regression bugs dropped by 40%, and they passed their first HIPAA audit without issue—unlocking faster contract signings and enabling them to expand confidently. More than just a technical upgrade, this project embedded compliance into every phase of development, proving that SaaS providers in regulated industries can scale fast and stay secure.

Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Lionel Briand

Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Dele Amefo

Adobe Master Collection CC Crack Advance Version 2025kashifyounis067

Solidworks Crack 2025 latest new + license codeaneelaramzan63

Exploring Wayland: A Modern Display Server for the FutureICS

Revolutionizing Residential Wi-Fi PPT.pptxnidhisingh691197

Automation Techniques in RPA - UiPath CertificateVICTOR MAESTRE RAMIREZ

Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsBradBedford3

Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIdanshalev

Why Orangescrum Is a Game Changer for Construction Companies in 2025Orangescrum

How to Optimize Your AWS Environment for Improved Cloud PerformanceThousandEyes

Societal challenges of AI: biases, multilinguism and sustainabilityJordi Cabot

Exploring Code Comprehension in Scientific Programming: Preliminary Insight...University of Hawai‘i at Mānoa

Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Eric D. Schabell

Who Watches the Watchmen (SciFiDevCon 2025)Allon Mureinik

Kubernetes_101_Zero_to_Platform_Engineer.pptxCloudScouts

Avast Premium Security Crack FREE Latest Version 2025mu394968

Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...AxisTechnolabs

Maxon CINEMA 4D 2025 Crack FREE Download LINKyounisnoman75

How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...Egor Kaleynik

Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Lionel Briand

OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

2. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure Deployment Changes in MySQL 5.7 Common problems and how do we intend to solve them Georgi Kodinov Team Lead, MySQL Server General Team

3. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | • Former banking IT Manager • Veteran software developer • Leading the MySQL Server General development team • Been with MySQL since 2006 • Regular MySQL conference speaker About Me

6. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure by Default ! • Help the novice user • People now needing to explicitly relax security constraints • Increases awareness and visibility of security issues 6 The “why”

7. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure by Default ! • mysql_secure_installation not needed on new installs ! • Single account with a random, expired password • No test/demo databases and data in the server package • Password strength validation plugin installed by default • Self signed SSL CA/keys pre-generated if absent • SSL encrypted connections by default • Control over data import/export file system locations • “Development” and “production” packages 7 The “how”

8. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Packaged in a Secure Way • Careful use of the OS accounts • All demo/test/example files in separate packages • No default passwords • Designated location data imported/exported through SQL commands 8

10. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | A Single root@localhost Account • Fully implemented in 5.7.7 (RC1) • No root@<ip address> • No anonymous accounts • No test accounts • With expired, auto-generated password • Looking into using passwordless authentication where available • FYI: Interactive installers will ask for a password 10

11. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | SSL Encryption by Default • Fully implemented in 5.7.7 (RC1) • SSL key material generated and set up at install time – CA, server and client certificates and keys • Clients attempting SSL connections by default • A way to force SSL on the client side 11

12. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Security Conscious Package Layout • Fully implemented in 5.7.7 (RC1) • Tests and demos into a separate package • A designated directory for OS file handling SQL commands • Reviewed the use of OS accounts and permissions 12

14. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The New Server –initialize* Option • Heavy: mysql_install_db spawns the server in a weird mode • Not platform independent • Relying on external script files to bootstrap 14 Why ?

15. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The New Server –initialize* Option • Everything needed linked into the server • No extra binaries • Works with the server binary = all server’s startup options work • Platform independent • Two modes: – --initialize: root account with expired auto-generated strong password – --initialize-insecure: root account without a password (scripts) • mysql_install_db still works, but deprecated 15 How ?

OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

Recommended

More Related Content

What's hot (20)

Similar to OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7 (20)

More from Georgi Kodinov (20)

Recently uploaded (20)

OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7