
  1. MySQL/Percona Server/MariaDB Server security features overview Colin Charles, Chief Evangelist, Percona Inc. colin.charles@percona.com / byte@bytebot.net http://bytebot.net/blog/ | @bytebot on Twitter Percona Live Santa Clara 2018, Santa Clara, California, USA 25 April 2018

  2. whoami • Chief Evangelist, Percona Inc • Focusing on the MySQL ecosystem (MySQL, Percona Server, MariaDB Server), as well as the MongoDB ecosystem (Percona Server for MongoDB) + 100% open source tools from Percona like Percona Monitoring & Management, Percona xtrabackup, Percona Toolkit, etc. • Founding team of MariaDB Server (2009-2016), previously at Monty Program Ab, merged with SkySQL Ab, now MariaDB Corporation • Formerly MySQL AB (exit: Sun Microsystems) • Past lives include The Fedora Project (FESCO), OpenOffice.org • MySQL Community Contributor of the Year Award winner 2014 #PerconaLive

  3. License • Creative Commons BY-NC-SA 4.0 • https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode 

  4. MySQL Variants
  • MySQL Community Edition
    • Won't cover: 3.23, 4.0, 4.1, 5.0, 5.1
    • Will focus on: 5.5, 5.6, 5.7, and the newly released 8.0
  • MySQL Enterprise Edition
  • Percona Server for MySQL
    • 5.5, 5.6, 5.7
  • MariaDB Server
    • Won't cover: 5.1, 5.2, 5.3
    • 5.5, 10.0, 10.1, 10.2, with 10.3 as an alpha
  • What we won't cover: MySQL Cluster (NDBCLUSTER), Galera Cluster, Group Replication/InnoDB Cluster, X Protocol/mysqlsh (port 33060)

  5. Structured Query Language (SQL)
  • ISO/IEC 9075 (reviewed every 5 years): SQL-86, SQL-89, SQL-92, SQL:1999, SQL:2003, SQL:2006, SQL:2008, SQL:2011, SQL:2016
  • select @@global.sql_mode;
  • ANSI - changes syntax and behaviour to conform more closely to standard SQL
  • STRICT_TRANS_TABLES - if a value cannot be inserted as given into a transactional table, abort the statement (without a strict mode the server silently adjusts the value and only raises a warning)
  • TRADITIONAL - "give an error instead of a warning" when inserting an incorrect value into a column
  • https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html
  • Deprecated - NO_AUTO_CREATE_USER is part of MySQL 5.7's default sql_mode but is deprecated there and removed in 8.0 (where GRANT no longer creates accounts at all); MariaDB Server still supports it. Without it, a GRANT naming an unknown account silently creates that account with no password.
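The following session shows the three sql_mode settings above and the NO_AUTO_CREATE_USER behaviour in practice. It is an added example, not code from the deck; the table t_sqlmode and the accounts app_demo/app_demo2 are made up, and the GRANT statements assume you are connected to a throwaway test database on MySQL 5.6/5.7 or MariaDB 10.x (on 8.0 the GRANT-creates-account step no longer applies).

```sql
-- Added example (not from the slides). Names t_sqlmode, app_demo, app_demo2 are made up.
SET @saved_mode = @@session.sql_mode;

CREATE TABLE t_sqlmode (
  code VARCHAR(3)       NOT NULL,
  qty  TINYINT UNSIGNED NOT NULL
) ENGINE = InnoDB;

-- 1. Permissive mode: bad data is coerced and the statement "succeeds".
SET SESSION sql_mode = '';
INSERT INTO t_sqlmode VALUES ('ABCDEF', -1);   -- accepted; code truncated, qty clamped to 0
SHOW WARNINGS;                                  -- the only trace of what happened
SELECT * FROM t_sqlmode;

-- 2. STRICT_TRANS_TABLES: the same INSERT into a transactional table is rejected,
--    so the application sees an error instead of corrupted data.
SET SESSION sql_mode = 'STRICT_TRANS_TABLES';
INSERT INTO t_sqlmode VALUES ('ABCDEF', -1);   -- fails: data too long for column 'code'

-- 3. TRADITIONAL is a bundle: both STRICT modes plus NO_ZERO_DATE, NO_ZERO_IN_DATE,
--    ERROR_FOR_DIVISION_BY_ZERO, NO_ENGINE_SUBSTITUTION and (before 8.0) NO_AUTO_CREATE_USER.
SET SESSION sql_mode = 'TRADITIONAL';
SELECT @@session.sql_mode;                      -- shows the expanded list

-- 4. NO_AUTO_CREATE_USER: with it cleared, a GRANT for an account that does not
--    exist creates that account with no password (MySQL < 8.0, MariaDB).
SET SESSION sql_mode = '';
GRANT SELECT ON t_sqlmode TO 'app_demo'@'localhost';
SELECT user, host, plugin FROM mysql.user WHERE user = 'app_demo';   -- row now exists, no password

SET SESSION sql_mode = 'NO_AUTO_CREATE_USER';
GRANT SELECT ON t_sqlmode TO 'app_demo2'@'localhost';   -- fails: no matching row in mysql.user
-- The safe pattern regardless of sql_mode: CREATE USER first, then GRANT.
CREATE USER 'app_demo2'@'localhost' IDENTIFIED BY 'a-long-random-passphrase';
GRANT SELECT ON t_sqlmode TO 'app_demo2'@'localhost';

-- Clean up.
DROP USER 'app_demo'@'localhost', 'app_demo2'@'localhost';
DROP TABLE t_sqlmode;
SET SESSION sql_mode = @saved_mode;
```

Setting the mode per session only affects your own connection; to harden a server, put sql_mode in my.cnf so that every client, including ones you did not write, gets the strict behaviour.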

  6. MySQL security by version
  • GRANT (3.23)
  • REVOKE (3.23)
  • SET PASSWORD (3.23)
  • SHOW GRANTS (3.23)
  • DROP USER (4.1)
  • SHOW PRIVILEGES (4.1)
  • CREATE USER (5.0)
  • RENAME USER (5.0)
  • ALTER USER (5.6)
  • SHOW CREATE USER (5.7)
  • CREATE ROLE (8.0)
  • DROP ROLE (8.0)
  • SET ROLE (8.0)
  • SET DEFAULT ROLE (8.0)
  • NB: roles came to MariaDB Server in 10.0, and DEFAULT ROLE in 10.1

  7. mysql.user table
  • host
  • user
  • password (removed in 5.7.6, where the hash moved into authentication_string; still present in MariaDB)
  • plugin (5.5)
  • authentication_string (5.5)
  • password_expired (5.6)
  • password_last_changed, password_lifetime (5.7)
  • account_locked (5.7)
  • Create_role_priv (8.0)
  • Drop_role_priv (8.0)
  [Slide figure: comparing mysql.user between MariaDB Server 10.2 and MySQL 5.7]
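The statements listed on slide 6 and the columns on slide 7 come together when you provision an account. This is an added example rather than the deck's own code; it targets MySQL 8.0, and the account reporting@10.0.0.%, the role r_readonly and the sales database are assumed names.

```sql
-- Added example (not from the slides). reporting, r_readonly and sales.* are made up.
-- Create the account locked, with the 8.0 default plugin and a 90-day rotation policy.
CREATE USER 'reporting'@'10.0.0.%'
  IDENTIFIED WITH caching_sha2_password BY 'a-long-random-passphrase'
  PASSWORD EXPIRE INTERVAL 90 DAY
  ACCOUNT LOCK;

-- Privileges go on a role, not on the account, so the grant set is reviewable in one place.
CREATE ROLE 'r_readonly';
GRANT SELECT ON sales.* TO 'r_readonly';
GRANT 'r_readonly' TO 'reporting'@'10.0.0.%';
-- Without a default role the session has no privileges until it runs SET ROLE.
SET DEFAULT ROLE 'r_readonly' TO 'reporting'@'10.0.0.%';

-- Only unlock once the application that uses the credential is actually deployed.
ALTER USER 'reporting'@'10.0.0.%' ACCOUNT UNLOCK;

-- Review what was produced: SHOW CREATE USER (5.7+) prints plugin, hash, expiry and
-- lock state; SHOW GRANTS ... USING expands the role's privileges.
SHOW CREATE USER 'reporting'@'10.0.0.%';
SHOW GRANTS FOR 'reporting'@'10.0.0.%' USING 'r_readonly';

-- The same state as stored in the mysql.user columns listed on slide 7.
SELECT user, host, plugin, password_expired, password_last_changed,
       password_lifetime, account_locked
FROM mysql.user
WHERE user = 'reporting';

-- Revoking the role removes all of the account's effective privileges at once.
REVOKE 'r_readonly' FROM 'reporting'@'10.0.0.%';
```

On MariaDB 10.1/10.2 the role part is almost the same, but the default-role syntax is `SET DEFAULT ROLE r_readonly FOR 'reporting'@'10.0.0.%'`, there is no caching_sha2_password plugin, and ACCOUNT LOCK does not exist in those versions (it arrived in MariaDB 10.4.2), so the "create locked, unlock later" step has no direct equivalent there.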

  8. Key security features by version
  • 5.1 - McAfee Audit plugin
  • 5.5 - pluggable authentication (backport of the MariaDB 5.2 plugin API), proxy users, changes in the mysql.user table, client password warning; Enterprise Edition adds Audit and PAM authentication plugins (Percona Server for MySQL and MariaDB Server ship their own open source audit and PAM plugins)
  • 5.6 - mysql_config_editor for client credentials (the .mylogin.cnf file is obfuscated, not encrypted with a secret: the key is stored inside the file and my_print_defaults -s prints the password back, so treat it as a convenience, not a secret store), sha256_password, password expiry, VALIDATE_PASSWORD_STRENGTH() via the validate_password plugin, --random-passwords (optional random root password on install), mysql.user.password_expired column; Enterprise Firewall
  • 5.7 - random, already-expired root password on --initialize (grep the error log for "temporary password"), password expiry every n days (default_password_lifetime), accounts can be locked/unlocked, mysql_ssl_rsa_setup, mysql.user.password column removed (hash lives in authentication_string), super_read_only, at-rest InnoDB tablespace encryption
  • 8.0 - roles, caching_sha2_password as the default authentication plugin, further mysql.user changes
  • MariaDB 10.0 - roles, userstats
  • MariaDB 10.1 - default roles, at-rest table/tablespace encryption, simple_password_check, cracklib_password_check, AWS Key Management plugin
  • MariaDB 10.2 - user limits, ed25519 auth
  • Percona Server for MySQL 5.5 - extended SHOW GRANTS, utility user, userstats
  • Percona Server for MySQL 5.6 - super_read_only (adopted by MySQL in 5.7)
  • Percona Server for MySQL 5.7 - HashiCorp Vault keyring plugin

  9. Installation default passwords
  • 'root' user
    • pre 5.7: no password (mysql_install_db)
    • 5.7: mysqld --initialize generates a random password, marks it expired and writes it to the error log; --initialize-insecure gives root no password at all, so check which one your packaging uses
  • Anonymous users (user = '')
    • created by mysql_install_db before 5.7; removed in 5.7

  10. How are passwords stored in MySQL? (5.5)
  mysql55 >SELECT /* 5.5 */ host, user, password, plugin, authentication_string FROM mysql.user;
  +-----------+------+----------+--------+-----------------------+
  | host      | user | password | plugin | authentication_string |
  +-----------+------+----------+--------+-----------------------+
  | localhost | root |          |        |                       |
  | mysql55   | root |          |        |                       |
  | 127.0.0.1 | root |          |        |                       |
  | ::1       | root |          |        |                       |
  | localhost |      |          |        | NULL                  |
  | mysql55   |      |          |        | NULL                  |
  +-----------+------+----------+--------+-----------------------+
  6 rows in set (0.00 sec)
  An empty password column means no password is required; an empty plugin column in 5.5 means the default, mysql_native_password.

  11. How are passwords stored in MySQL? (5.6)
  mysql56 >SELECT /* 5.6 */ host, user, password, plugin, authentication_string, password_expired FROM mysql.user;
  +-----------+------+----------+-----------------------+-----------------------+------------------+
  | host      | user | password | plugin                | authentication_string | password_expired |
  +-----------+------+----------+-----------------------+-----------------------+------------------+
  | localhost | root |          | mysql_native_password |                       | N                |
  | mysql56   | root |          | mysql_native_password |                       | N                |
  | 127.0.0.1 | root |          | mysql_native_password |                       | N                |
  | ::1       | root |          | mysql_native_password |                       | N                |
  | localhost |      |          | mysql_native_password | NULL                  | N                |
  | mysql56   |      |          | mysql_native_password | NULL                  | N                |
  +-----------+------+----------+-----------------------+-----------------------+------------------+
  6 rows in set (0.00 sec)
  The two rows with an empty user are the anonymous accounts: they match any username that has no more specific row.

  12. How are passwords stored in MySQL? (5.7)
  mysql57 >SELECT /* 5.7 */ host, user, plugin, authentication_string, password_expired, password_last_changed, password_lifetime, account_locked FROM mysql.user;
  +-----------+---------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+
  | host      | user          | plugin                | authentication_string                     | password_expired | password_last_changed | password_lifetime | account_locked |
  +-----------+---------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+
  | localhost | root          | mysql_native_password | *E89C1DBB80A00976B61D19025C3081E4B190D8BE | N                | 2017-09-03 18:45:43   | NULL              | N              |
  | localhost | mysql.session | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | N                | 2017-09-03 18:42:33   | NULL              | Y              |
  | localhost | mysql.sys     | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | N                | 2017-09-03 18:42:33   | NULL              | Y              |
  +-----------+---------------+-----------------------+-------------------------------------------+------------------+-----------------------+-------------------+----------------+
  3 rows in set (0.01 sec)

  13. How are passwords stored in MySQL? (8.0)
  mysql> SELECT /* 8.0 */ host, user, plugin, authentication_string, password_expired, password_last_changed, password_lifetime, account_locked FROM mysql.user;
  +-----------+------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+
  | host      | user             | plugin                | authentication_string                                                  | password_expired | password_last_changed | password_lifetime | account_locked |
  +-----------+------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+
  | localhost | mysql.infoschema | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE                              | N                | 2018-04-25 13:04:15   | NULL              | Y              |
  | localhost | mysql.session    | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE                              | N                | 2018-04-25 13:04:15   | NULL              | Y              |
  | localhost | mysql.sys        | mysql_native_password | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE                              | N                | 2018-04-25 13:04:15   | NULL              | Y              |
  | localhost | root             | caching_sha2_password | $A$005$hqy-OG+.:|qsypaH/HS.i19CInGfOtklCz3kyo4cZxqCFy2bEHcogi6/        | N                | 2018-04-25 13:04:19   | NULL              | N              |
  +-----------+------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+
  4 rows in set (0.00 sec)
  Note the change of format: mysql_native_password stores an unsalted SHA1(SHA1(password)) as a 41-character hex string, whereas caching_sha2_password stores a salted, iterated SHA-256 digest ($A$005$ followed by the salt and digest; the 005 encodes 5000 rounds).
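The rows on slides 10 to 13 are exactly what an auditor looks at first. The queries below are an added example, not part of the deck: they flag the dangerous rows (anonymous, passwordless, wildcard host, legacy hashing) and then use the documented mysql_native_password formula, CONCAT('*', UPPER(SHA1(UNHEX(SHA1(pw))))), to test accounts against a small weak-password list without an external cracker. Written for MySQL 5.7/8.0, where the hash is in authentication_string; on 5.5/5.6 and MariaDB substitute the password column. The weak-password list is constructed for the demo.

```sql
-- Added example (not from the slides). Weak-password list below is constructed for the demo.

-- 1. Accounts that should not exist or should not be reachable as they are.
SELECT user, host, plugin, authentication_string, account_locked
FROM mysql.user
WHERE user = ''                                   -- anonymous accounts (slides 10/11)
   OR authentication_string = ''                  -- no password at all (slides 10/11 root rows)
   OR host = '%'                                  -- reachable from any address
   OR plugin IN ('', 'mysql_old_password')        -- 5.5 default / pre-4.1 hashes
ORDER BY user, host;

-- 2. mysql_native_password is unsalted SHA1(SHA1(pw)): equal passwords give equal hashes,
--    so a leaked mysql.user is offline-crackable and the hash can be recomputed in SQL.
--    PASSWORD() was removed in 8.0; the expression it implemented still works.
SELECT CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password'))))) AS native_hash;

-- 3. Check every native-password account against a weak list and against its own username.
SELECT u.user, u.host, w.weak_pw AS matched
FROM mysql.user AS u
JOIN (SELECT 'password' AS weak_pw
      UNION ALL SELECT 'root'
      UNION ALL SELECT 'mysql'
      UNION ALL SELECT '123456') AS w
  ON u.plugin = 'mysql_native_password'
 AND u.authentication_string = CONCAT('*', UPPER(SHA1(UNHEX(SHA1(w.weak_pw)))))
UNION ALL
SELECT user, host, '<same as username>'
FROM mysql.user
WHERE plugin = 'mysql_native_password'
  AND authentication_string = CONCAT('*', UPPER(SHA1(UNHEX(SHA1(user)))));

-- 4. caching_sha2_password ($A$005$salt+digest, slide 13) is salted and iterated, so the
--    trick in step 3 does not apply to it. List what is still on the old plugin, then migrate.
SELECT user, host FROM mysql.user WHERE plugin = 'mysql_native_password';
-- ALTER USER 'someuser'@'somehost' IDENTIFIED WITH caching_sha2_password BY 'new-long-random-passphrase';
```

Step 3 finds only exact matches against the list, which is the point: it runs inside the server with no hash ever leaving it. Anything more thorough (dictionary plus rules) means exporting the authentication_string column to a cracker, which is itself a sensitive operation and needs the same handling as a credential dump.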
