ColumnStore Security Vulnerabilities

Security vulnerabilities (CVEs) fixed in MariaDB ColumnStore, with links to release notes and the MariaDB Server CVE list; no known CVEs are open on ColumnStore-specific infrastructure.

  1. About CVEs

  2. CVEs fixed in ColumnStore

This page is about security vulnerabilities that have been fixed for or still affect MariaDB ColumnStore. In addition, links are included to fixed security vulnerabilities in MariaDB Server since MariaDB ColumnStore is based on MariaDB Server.

Sensitive security issues can be sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.

About CVEs

CVE® stands for "Common Vulnerabilities and Exposures". It is a publicly available and free-to-use database of known software vulnerabilities maintained at

CVEs fixed in ColumnStore

The appropriate release notes listed document CVEs fixed within a given release. Additional information can also be found at .

There are no known CVEs on ColumnStore-specific infrastructure outside of the MariaDB server at this time.

This page is: Copyright © 2025 MariaDB. All rights reserved.

Credentials Management

MariaDB Enterprise ColumnStore credentials management (6.2.3+) encrypts Columnstore.xml passwords via the cskeys and cspasswd utilities, with keys stored at /var/lib/columnstore/.secrets.

Overview

Starting with MariaDB Enterprise ColumnStore 6.2.3, ColumnStore supports encryption for user passwords stored in Columnstore.xml:

  • Encryption keys are created with the cskeys utility

  • Passwords are encrypted using the cspasswd utility

Compatibility

  • MariaDB Enterprise ColumnStore 6

  • MariaDB Enterprise ColumnStore 22.08

  • MariaDB Enterprise ColumnStore 23.02

Encryption Keys

MariaDB Enterprise ColumnStore stores its password encryption keys in the plain-text file /var/lib/columnstore/.secrets.

The encryption keys are not created by default, but can be generated by executing the cskeys utility:

$ cskeys

In a multi-node Enterprise ColumnStore cluster, every ColumnStore node should have the same encryption keys. Therefore, it is recommended to execute cskeys on the primary server and then copy /var/lib/columnstore/.secrets to every other ColumnStore node and fix the file's permissions:

$ scp 192.0.2.1:/var/lib/columnstore/.secrets /var/lib/columnstore/.secrets
$ sudo chown mysql:mysql /var/lib/columnstore/.secrets
$ sudo chmod 0400 /var/lib/columnstore/.secrets

Encrypt a Password

To encrypt a password:

  1. Generate an encrypted password using the cspasswd utility:

$ cspasswd util_user_passwd

  • If the --interactive command-line option is specified, cspasswd prompts for the password rather than reading it from the command line.

  2. Set the encrypted password in Columnstore.xml using the mcsSetConfig utility:

$ sudo mcsSetConfig CrossEngineSupport Password util_user_encrypted_passwd

Decrypt a Password

To decrypt a password, execute the cspasswd utility and specify the --decrypt command-line option:

$ cspasswd --decrypt util_user_encrypted_passwd
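As an added example (not part of the MariaDB documentation or tooling), the shell function below audits the key file on a node against the ownership and mode set in the Encryption Keys section, and optionally against a SHA-256 digest taken on the primary node so that nodes can be compared without displaying the keys. The function name check_secrets and the --run switch are hypothetical, and GNU stat and sha256sum are assumed.

```shell
#!/bin/sh
# Added example, not MariaDB code. check_secrets is a hypothetical helper.
# Assumes GNU coreutils (stat -c, sha256sum).

# check_secrets FILE OWNER:GROUP MODE [REFERENCE_SHA256]
# Prints one finding per line; exit status is 0 only if every check passes.
# The body runs in a subshell, so "exit" leaves the function, not the caller.
check_secrets() (
    file=$1 want_owner=$2 want_mode=${3#0} want_sum=${4:-}
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing or not a regular file"
        exit 2
    fi

    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U:%G' "$file")

    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $file: mode $mode, expected $want_mode"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owner $owner, expected $want_owner"
        rc=1
    fi

    # Compare a digest rather than the key material itself, so nothing
    # secret is printed or copied around during the audit.
    if [ -n "$want_sum" ]; then
        sum=$(sha256sum "$file" | cut -d' ' -f1)
        if [ "$sum" != "$want_sum" ]; then
            echo "FAIL $file: digest differs from the reference key file"
            rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK $file: $owner, mode $mode"
    exit "$rc"
)

# Audit the real file only when asked: sh audit.sh --run [REFERENCE_SHA256]
if [ "${1:-}" = "--run" ]; then
    check_secrets /var/lib/columnstore/.secrets mysql:mysql 0400 "${2:-}"
fi
```

Run it with sudo, since a 0400 file owned by mysql is not readable by other users. The reference digest is the first field of sha256sum output for the key file on the primary node.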

Security

MariaDB ColumnStore uses MariaDB Server’s security—encryption, access control, auditing, and firewall—for secure analytics.

Security Vulnerabilities Fixed in MariaDB