SlideShare a Scribd company logo

OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

Download as PPTX, PDF
Georgi Kodinov, profile picture
Georgi Kodinov

Georgi Kodinov presents on secure deployment changes in MySQL 5.7. The presentation covers recent trends towards more secure defaults, including having a single root account with an auto-generated, expired password and SSL encryption being enabled by default. Key changes for MySQL 5.7 are a single root account, SSL encryption by default, and tests and demos being separated from the main software package.

Software
Related topics:
Information Security
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure Deployment Changes in MySQL 5.7 Common problems and how do we intend to solve them Georgi Kodinov Team Lead, MySQL Server General Team
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | • Former banking IT Manager • Veteran software developer • Leading the MySQL Server General development team • Been with MySQL since 2006 • Regular MySQL conference speaker About Me
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Program Agenda Recent trends in secure MySQL deployment Secure deployment changes in MySQL 5.7 1 2 4
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Recent Trends in Secure MySQL Deployment 5
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure by Default ! • Help the novice user • People now needing to explicitly relax security constraints • Increases awareness and visibility of security issues 6 The “why”
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure by Default ! • mysql_secure_installation not needed on new installs ! • Single account with a random, expired password • No test/demo databases and data in the server package • Password strength validation plugin installed by default • Self signed SSL CA/keys pre-generated if absent • SSL encrypted connections by default • Control over data import/export file system locations • “Development” and “production” packages 7 The “how”
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Packaged in a Secure Way • Careful use of the OS accounts • All demo/test/example files in separate packages • No default passwords • Designated location data imported/exported through SQL commands 8
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure Deployment Changes in MySQL 5.7 9
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | A Single root@localhost Account • Fully implemented in 5.7.7 (RC1) • No root@<ip address> • No anonymous accounts • No test accounts • With expired, auto-generated password • Looking into using passwordless authentication where available • FYI: Interactive installers will ask for a password 10
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | SSL Encryption by Default • Fully implemented in 5.7.7 (RC1) • SSL key material generated and set up at install time – CA, server and client certificates and keys • Clients attempting SSL connections by default • A way to force SSL on the client side 11
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Security Conscious Package Layout • Fully implemented in 5.7.7 (RC1) • Tests and demos into a separate package • A designated directory for OS file handling SQL commands • Reviewed the use of OS accounts and permissions 12
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Non Security Related, But Noteworthy 13
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The New Server –initialize* Option • Heavy: mysql_install_db spawns the server in a weird mode • Not platform independent • Relying on external script files to bootstrap 14 Why ?
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The New Server –initialize* Option • Everything needed linked into the server • No extra binaries • Works with the server binary = all server’s startup options work • Platform independent • Two modes: – --initialize: root account with expired auto-generated strong password – --initialize-insecure: root account without a password (scripts) • mysql_install_db still works, but deprecated 15 How ?
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Questions and Answers 16
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 17
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

More Related Content

PDF
20150110 my sql-performanceschema
Ivan Ma
 
PPTX
MySQL Tech Tour 2015 - 5.7 Security
Mark Swarbrick
 
PDF
01 demystifying mysq-lfororacledbaanddeveloperv1
Ivan Ma
 
PDF
MySQL Security
Mario Beck
 
PPTX
Openfest15 MySQL Plugin Development
Georgi Kodinov
 
PDF
MySQL Intro JSON NoSQL
Mark Swarbrick
 
PDF
MySQL 5.7: Focus on Replication
Mario Beck
 
PDF
Mysql security 5.7
Mark Swarbrick
 
20150110 my sql-performanceschema
Ivan Ma
 
MySQL Tech Tour 2015 - 5.7 Security
Mark Swarbrick
 
01 demystifying mysq-lfororacledbaanddeveloperv1
Ivan Ma
 
MySQL Security
Mario Beck
 
Openfest15 MySQL Plugin Development
Georgi Kodinov
 
MySQL Intro JSON NoSQL
Mark Swarbrick
 
MySQL 5.7: Focus on Replication
Mario Beck
 
Mysql security 5.7
Mark Swarbrick
 

What's hot (20)

PPTX
MySQL High Availibility Solutions
Mark Swarbrick
 
PPT
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
Mark Swarbrick
 
PDF
MySQL Manchester TT - Replication Features
Mark Swarbrick
 
PDF
MySQL Tech Tour 2015 - Alt Intro
Mark Swarbrick
 
PDF
Upgrading to my sql 8.0
Ståle Deraas
 
PDF
MySQL The State of the Dolphin - jun15
MySQL Brasil
 
PPT
MySQL in Oracle environment : Quick start guide for Oracle DBA (Part 1)
OracleMySQL
 
PPTX
MySQL Performance Tuning 101 (Bahasa)
OracleMySQL
 
PDF
MySQL Enterprise Edition Overview
Mario Beck
 
PPTX
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
OracleMySQL
 
PPTX
Introduction to Oracle Infrastructure as a Service
Timothy Krupinski
 
PDF
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
Mark Swarbrick
 
PDF
MySQL 5.7: What's New, Nov. 2015
Mario Beck
 
PDF
Sql tuning tools of the trade
Enkitec
 
PPTX
Robust easy affordable disaster recovery for MySQL Data
OracleMySQL
 
PDF
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Alfredo Krieg
 
PDF
Oracle Traffic Director - a vital part of your Oracle infrastructure
Simon Haslam
 
PDF
MySQL & Oracle Linux Keynote at Open Source India 2014
Sanjay Manwani
 
PPT
Intro to sql
Paresh Motiwala, PMP®
 
PDF
MySQL Enterprise Monitor
Mario Beck
 
MySQL High Availibility Solutions
Mark Swarbrick
 
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
Mark Swarbrick
 
MySQL Manchester TT - Replication Features
Mark Swarbrick
 
MySQL Tech Tour 2015 - Alt Intro
Mark Swarbrick
 
Upgrading to my sql 8.0
Ståle Deraas
 
MySQL The State of the Dolphin - jun15
MySQL Brasil
 
MySQL in Oracle environment : Quick start guide for Oracle DBA (Part 1)
OracleMySQL
 
MySQL Performance Tuning 101 (Bahasa)
OracleMySQL
 
MySQL Enterprise Edition Overview
Mario Beck
 
MySQL in oracle_environments(Part 2): MySQL Enterprise Monitor & Oracle Enter...
OracleMySQL
 
Introduction to Oracle Infrastructure as a Service
Timothy Krupinski
 
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
Mark Swarbrick
 
MySQL 5.7: What's New, Nov. 2015
Mario Beck
 
Sql tuning tools of the trade
Enkitec
 
Robust easy affordable disaster recovery for MySQL Data
OracleMySQL
 
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Alfredo Krieg
 
Oracle Traffic Director - a vital part of your Oracle infrastructure
Simon Haslam
 
MySQL & Oracle Linux Keynote at Open Source India 2014
Sanjay Manwani
 
Intro to sql
Paresh Motiwala, PMP®
 
MySQL Enterprise Monitor
Mario Beck
 
Ad

Similar to OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7 (20)

PPTX
2014 OpenSuse Conf: Protect your MySQL Server
Georgi Kodinov
 
PDF
MySQL's new Secure by Default Install -- All Things Open October 20th 2015
Dave Stokes
 
PDF
Mysql user-camp-march-11th-2016
Harin Vadodaria
 
PDF
MySQL Security
Ted Wennmark
 
PDF
MySQL
PT.JUG
 
ODP
MySQL for Oracle DBAs
Ben Krug
 
PDF
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
Olivier DASINI
 
PDF
MariaDB Server & MySQL Security Essentials 2016
Colin Charles
 
PDF
MySQL Community and Commercial Edition
Mario Beck
 
PDF
MySQL Day Paris 2016 - MySQL Enterprise Edition
Olivier DASINI
 
PDF
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Colin Charles
 
PDF
Mysql repos testing.odp
Ramana Yeruva
 
PPTX
MySQL London Tech Tour March 2015 - Embedded Database of Choice
Mark Swarbrick
 
PPTX
BGOUG17: Cloudy with a chance of MySQL
Georgi Kodinov
 
PDF
MySQL for Oracle DBAs
Mario Beck
 
ODP
MySQL Enterprise Portfolio
Abel Flórez
 
PDF
Large Scale Deployment of SSL/TLS For MySQL
Daniël van Eeden
 
PDF
MySQL Security in a Cloudy World
Dave Stokes
 
PPTX
DevTalks.ro 2019 What's New in MySQL 8.0 Security
Georgi Kodinov
 
PDF
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Colin Charles
 
2014 OpenSuse Conf: Protect your MySQL Server
Georgi Kodinov
 
MySQL's new Secure by Default Install -- All Things Open October 20th 2015
Dave Stokes
 
Mysql user-camp-march-11th-2016
Harin Vadodaria
 
MySQL Security
Ted Wennmark
 
MySQL
PT.JUG
 
MySQL for Oracle DBAs
Ben Krug
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
Olivier DASINI
 
MariaDB Server & MySQL Security Essentials 2016
Colin Charles
 
MySQL Community and Commercial Edition
Mario Beck
 
MySQL Day Paris 2016 - MySQL Enterprise Edition
Olivier DASINI
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Colin Charles
 
Mysql repos testing.odp
Ramana Yeruva
 
MySQL London Tech Tour March 2015 - Embedded Database of Choice
Mark Swarbrick
 
BGOUG17: Cloudy with a chance of MySQL
Georgi Kodinov
 
MySQL for Oracle DBAs
Mario Beck
 
MySQL Enterprise Portfolio
Abel Flórez
 
Large Scale Deployment of SSL/TLS For MySQL
Daniël van Eeden
 
MySQL Security in a Cloudy World
Dave Stokes
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
Georgi Kodinov
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Colin Charles
 
Ad

More from Georgi Kodinov (20)

PPTX
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
PPTX
2023 TurnovoConf MySQL Authentication.pptx
Georgi Kodinov
 
PPTX
2022 TurnovoConf MySQL за начинаещи.pptx
Georgi Kodinov
 
PPTX
OpenSUSE Conf 2020 MySQL Clone
Georgi Kodinov
 
PPTX
2020 pre fosdem mysql clone
Georgi Kodinov
 
PPTX
2019 BGOUG Autumn MySQL Clone
Georgi Kodinov
 
PPTX
2019 indit blackhat_honeypot your database server
Georgi Kodinov
 
PPTX
PLe19 How To Instrument Your Code in performance_schema
Georgi Kodinov
 
PPTX
DevTalks.ro 2019 MySQL Data Masking Talk
Georgi Kodinov
 
PPTX
FOSDEM19 MySQL Component Infrastructure
Georgi Kodinov
 
PPTX
MySQL Enterprise Data Masking
Georgi Kodinov
 
PPTX
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Georgi Kodinov
 
PPTX
How to add stuff to MySQL
Georgi Kodinov
 
PPTX
Pl18 saving bandwidth
Georgi Kodinov
 
PPTX
Pl17: MySQL 8.0: security
Georgi Kodinov
 
PPTX
Fosdem17 honeypot your database server
Georgi Kodinov
 
PPTX
2016 oSC MySQL Firewall
Georgi Kodinov
 
PPTX
OUGLS 2016: Guided Tour On The MySQL Source Code
Georgi Kodinov
 
PPTX
OUGLS 2016: How profiling works in MySQL
Georgi Kodinov
 
PPTX
BGOUG 2014 Decrease Your MySQL Attack Surface
Georgi Kodinov
 
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
2023 TurnovoConf MySQL Authentication.pptx
Georgi Kodinov
 
2022 TurnovoConf MySQL за начинаещи.pptx
Georgi Kodinov
 
OpenSUSE Conf 2020 MySQL Clone
Georgi Kodinov
 
2020 pre fosdem mysql clone
Georgi Kodinov
 
2019 BGOUG Autumn MySQL Clone
Georgi Kodinov
 
2019 indit blackhat_honeypot your database server
Georgi Kodinov
 
PLe19 How To Instrument Your Code in performance_schema
Georgi Kodinov
 
DevTalks.ro 2019 MySQL Data Masking Talk
Georgi Kodinov
 
FOSDEM19 MySQL Component Infrastructure
Georgi Kodinov
 
MySQL Enterprise Data Masking
Georgi Kodinov
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Georgi Kodinov
 
How to add stuff to MySQL
Georgi Kodinov
 
Pl18 saving bandwidth
Georgi Kodinov
 
Pl17: MySQL 8.0: security
Georgi Kodinov
 
Fosdem17 honeypot your database server
Georgi Kodinov
 
2016 oSC MySQL Firewall
Georgi Kodinov
 
OUGLS 2016: Guided Tour On The MySQL Source Code
Georgi Kodinov
 
OUGLS 2016: How profiling works in MySQL
Georgi Kodinov
 
BGOUG 2014 Decrease Your MySQL Attack Surface
Georgi Kodinov
 

Recently uploaded (20)

PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
deepakkhaitan3
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Introduction to Artificial Intelligence
lohedi9363
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
System and Network Administration Chapter 2
jaramharo
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 

OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7

  • 2. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure Deployment Changes in MySQL 5.7 Common problems and how do we intend to solve them Georgi Kodinov Team Lead, MySQL Server General Team
  • 3. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | • Former banking IT Manager • Veteran software developer • Leading the MySQL Server General development team • Been with MySQL since 2006 • Regular MySQL conference speaker About Me
  • 4. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Program Agenda Recent trends in secure MySQL deployment Secure deployment changes in MySQL 5.7 1 2 4
  • 5. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Recent Trends in Secure MySQL Deployment 5
  • 6. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure by Default ! • Help the novice user • People now needing to explicitly relax security constraints • Increases awareness and visibility of security issues 6 The “why”
  • 7. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure by Default ! • mysql_secure_installation not needed on new installs ! • Single account with a random, expired password • No test/demo databases and data in the server package • Password strength validation plugin installed by default • Self signed SSL CA/keys pre-generated if absent • SSL encrypted connections by default • Control over data import/export file system locations • “Development” and “production” packages 7 The “how”
  • 8. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Packaged in a Secure Way • Careful use of the OS accounts • All demo/test/example files in separate packages • No default passwords • Designated location data imported/exported through SQL commands 8
  • 9. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Secure Deployment Changes in MySQL 5.7 9
  • 10. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | A Single root@localhost Account • Fully implemented in 5.7.7 (RC1) • No root@<ip address> • No anonymous accounts • No test accounts • With expired, auto-generated password • Looking into using passwordless authentication where available • FYI: Interactive installers will ask for a password 10
  • 11. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | SSL Encryption by Default • Fully implemented in 5.7.7 (RC1) • SSL key material generated and set up at install time – CA, server and client certificates and keys • Clients attempting SSL connections by default • A way to force SSL on the client side 11
  • 12. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Security Conscious Package Layout • Fully implemented in 5.7.7 (RC1) • Tests and demos into a separate package • A designated directory for OS file handling SQL commands • Reviewed the use of OS accounts and permissions 12
  • 13. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Non Security Related, But Noteworthy 13
  • 14. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The New Server –initialize* Option • Heavy: mysql_install_db spawns the server in a weird mode • Not platform independent • Relying on external script files to bootstrap 14 Why ?
  • 15. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | The New Server –initialize* Option • Everything needed linked into the server • No extra binaries • Works with the server binary = all server’s startup options work • Platform independent • Two modes: – --initialize: root account with expired auto-generated strong password – --initialize-insecure: root account without a password (scripts) • mysql_install_db still works, but deprecated 15 How ?
  • 16. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Questions and Answers 16
  • 17. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 17