Last week, an SSL connection security vulnerability was reported for MySQL and MariaDB. The vulnerability states that since MariaDB and MySQL do not enforce SSL when SSL support is enabled, it is possible to launch Man In The Middle (MITM) attacks. MITM attacks can capture the secure connection and turn it into an unsecure connection, revealing data going back and forth to the server.
The MariaDB Audit Plugin, included in MariaDB Server by default since version 5.5.37 and 10.0.9 and now also pre-loaded in MariaDB Enterprise Versions, includes new filtering options starting with version 1.2.0.
This weekend Team MariaDB attended the 15th annual LinuxFest Northwest. This event has been growing every year, but this year it crossed over to become a HUGE event. There were over 1800 attendees this year, and we had the chance to talk to many of them at our booth and in our talks.
User accounts in MariaDB have traditionally been completely separate from operating system accounts. However, MariaDB has included a PAM authentication plugin since version 5.2.10. With this plugin, DBAs can configure MariaDB user accounts to authenticate via PAM, allowing users to use their Linux username and password to log into the MariaDB server.
When you want to connect a client to a database server through an insecure network, there are two main choices: use SSL or use an SSH tunnel. Although SSL often may seem to be the best option, SSH tunnels are in fact easier to implement and can be very effective. Traffic through an SSH tunnel is encrypted with all of the security of the SSH protocol, which has a strong track record against attacks.
So I am now back in my office in Vancouver, BC after an amazing week in Santa Clara for the Percona Live MySQL Conference and Expo. I though that I would take a break from trying to catch up with my email and write down some quick thoughts about this great event.
Recently, I asked Colt Engine to help us with the MaxScale Beta Testing process. They agreed to do this, but they had to find the best way to test a new environment, with MaxScale on top and with as little impact as possible on their datacenter. The traditional approach would be to create as many virtual machines as needed and configure them for the designed test environment. This is a valid approach, but it requires some time to setup and the unnecessary use of resources. Instead, they decided to use an “Application Container”; they decided to use Docker.
When we first announced MariaDB Enterprise last year in March of 2014, our goal was to deliver superior performance and customer experience in addition to a hardened and certified version of open source MariaDB Server. In the first release we delivered hardened and certified binaries, and with the second release in December 2014 we raised the bar in performance. At that time, we announced MariaDB Enterprise for the IBM POWER8 platform, with a 2.2x performance gain over the x86 platform.
In the first blog of these series, we've done a rapid walkthrough on how to use Ansible and Vagrant to start a master/slave pair. In this second post, we will delve into the inner workings of Ansible, explaining how to set up server inventories, automate MariaDB deployments, use configuration templates and much more.