The slides for my MySQL Security Essentials presentation at Percona Live 2015 MySQL Conference and Expo are now available.
In this presentation I discuss just how insecure legacy versions of MySQL are and what the essential requirements are for securing your installation on disk, via the network and with user privileges. I provide recommendations for how to manage application access to your most important data asset.
This presentation describes the key security improvements in MySQL 5.6 and MySQL 5.7 as well as additional features provided in MariaDB 10.0 and 10.1 supporting roles and encryption.
I have also included slides for how easy it is to Hack MySQL and examples of denial of service attacks that are possible with even limited MySQL access.
Todd Farmer says
Thanks for posting the slides! I notice the slides lack information on a few key features of MySQL 5.7, and want to provide a quick reference for those to supplement your slide deck:
* Proxy users have existed since 5.5, and can be used to solve use cases which are commonly associated with SQL roles. In 5.7, proxy user support is added to built-in authentication.
* Better CREATE USER, providing better separation between definition of privileges and account attributes, as well as enabling use cases like switching authentication plugins for existing users.
* Defaulting to use SSL/TLS, including automatically generating needed key material on server startup for OpenSSL-linked binaries. This has a number of implications to consider.
* User account locking added in 5.7.6.
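The four MySQL 5.7 features listed in the comment above, together with the least-privilege application account the presentation recommends, map onto a handful of SQL statements. The block below is an added example; it is not from the slides or from Todd Farmer's comment. Account names, hosts, passwords and the `app_db` schema are placeholders, and the proxy-user variables (`check_proxy_users`, `mysql_native_password_proxy_users`) are the 5.7.7+ server settings as I know them, not something the page states.

```sql
-- Added example (not from the slides or the comment above): MySQL 5.7
-- statements for account locking, ALTER USER, proxy users and TLS checks.
-- Account names, hosts, passwords and app_db are placeholders.

-- 1. Account locking (5.7.6+): create the application account locked, with
--    a fixed authentication plugin, TLS required and a password expiry
--    policy, then grant only what the application needs.
CREATE USER 'app'@'10.0.0.%'
  IDENTIFIED WITH mysql_native_password BY 'CHANGE-ME'
  REQUIRE SSL
  PASSWORD EXPIRE INTERVAL 90 DAY
  ACCOUNT LOCK;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app'@'10.0.0.%';

-- Unlock only when the deployment that uses it is ready; connections to a
-- locked account are rejected before the credentials are considered.
ALTER USER 'app'@'10.0.0.%' ACCOUNT UNLOCK;

-- 2. ALTER USER (5.7.6+): switch an existing account to another
--    authentication plugin without dropping and recreating it.
ALTER USER 'legacy'@'localhost'
  IDENTIFIED WITH sha256_password BY 'CHANGE-ME-TOO';

-- 3. Proxy users with built-in authentication (5.7.7+). Assumed server
--    settings in my.cnf: check_proxy_users=ON and
--    mysql_native_password_proxy_users=ON. 'reporting' carries the
--    privileges (a role-like account); 'alice' authenticates and inherits
--    them through the PROXY privilege. Locking 'reporting' is meant to
--    block direct logins to the privilege holder (assumption: locking does
--    not affect its use as a proxied account).
CREATE USER 'reporting'@'localhost' ACCOUNT LOCK;
GRANT SELECT ON app_db.* TO 'reporting'@'localhost';
CREATE USER 'alice'@'localhost'
  IDENTIFIED WITH mysql_native_password BY 'CHANGE-ME-3';
GRANT PROXY ON 'reporting'@'localhost' TO 'alice'@'localhost';

-- 4. Verification. As the connected client: is proxying in effect, and is
--    this connection actually encrypted?
SELECT USER(), CURRENT_USER(), @@session.proxy_user;
SHOW SESSION STATUS LIKE 'Ssl_cipher';   -- empty value means no TLS

-- As an administrator: audit plugins, TLS requirements, locks and expiry
-- for every account in one pass.
SELECT user, host, plugin, ssl_type, account_locked, password_expired
  FROM mysql.user
 ORDER BY user, host;
```

`REQUIRE SSL` only protects accounts that carry it; from 5.7.8 the server-wide `require_secure_transport=ON` setting refuses every unencrypted TCP connection, which is the simpler policy once all clients support TLS. The final `mysql.user` query is the one to run against a legacy installation first: accounts with an empty `plugin`, `ssl_type` of none, or `password_expired` never set are exactly the ones the presentation's on-disk, network and privilege requirements are about.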
Thanks for the additional info. I’ll be sure to use this information next time.