2016 oSC MySQL Firewall
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
MySQL Firewall
Add an extra layer of security
to your database server
Georgi “Joro” Kodinov
MySQL Server General Team Lead
Georgi “Joro” Kodinov
MySQL @ Oracle
• Server General Team Lead
• Has worked on MySQL since 2006
• Specializes in:
– Security
– Client/server protocol
– Monitoring
• Loves history, diverse world cultures
• A devoted Formula 1 fan (Go, Massa!)
Agenda
Why a MySQL Firewall?
Firewall Architecture
Installation and setup
Operation
Q&A
Why a MySQL Firewall?
Simple!
Make SQL injection attacks harder!
“And it wouldn’t be a proper DBIR if we didn’t raise a glass to one of the elder statesmen of web application hacking, SQL injection (SQLi)”
– http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
Why a MySQL Firewall? Other reasons
• Better SQL application security
– User accounts can execute only the application’s SQL
• Defense in depth
– An extra layer that works alongside the other methods
• Minimum performance cost
– Takes advantage of the server’s SQL processor
• No need for application changes
– Works inside the server
Exploits of a Mom
https://xkcd.com/327/
MySQL Firewall Architecture
MySQL Firewall: Anatomy
(Diagram: the Firewall Plugin holding normalized statements such as SELECT ?+? and USE ?)
Engine
• Compares incoming queries with the allowed list
• Works on normalized statements
• Multiple modes
• Implemented as an Audit API plugin
Statements Cache
• Entirely in memory
• Initialized from disk
• Content visible through INFORMATION_SCHEMA
MySQL Firewall: Operation
(Diagram: inside the MySQL Server, the Firewall Plugin holds the normalized statements SELECT ?+? and USE ?; an incoming SELECT 1+2 normalizes to SELECT ?+?, matches, and is passed on to the server, while SELECT 1+2 OR .. normalizes to a statement that is not in the list and is denied)
MySQL Firewall Operation Diagram
Installing The MySQL Firewall
Installing the MySQL Firewall: the command line version
$ mysql -u root -p mysql < linux_install_firewall.sql
mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode';
+---------------------+-------+
| Variable_name       | Value |
+---------------------+-------+
| mysql_firewall_mode | ON    |
+---------------------+-------+
Operating the MySQL Firewall
Case study: adding firewall protection to a WordPress installation
Step 1: Install WordPress
• Stock WordPress on apache2
• Uses the default wordpress@localhost MySQL account
• Runs against a local MySQL server
• MySQL server seeded with a user and a schema for WordPress
• WordPress installation done with defaults
Step 2: Put the Firewall Into Recording Mode
• Command line
– $ mysql -u root -p -e "CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'RECORDING');"
• Workbench
Step 3: Accumulate Whitelist Actions
• The non-trivial part!
• Click through all of the WordPress sequences that you want to be enabled
– This is what generates the queries that get recorded
• I have only clicked through saving a draft of a post
Step 4: Inspect The Accumulated Rules
Step 5: Shields Up! Switch To Protecting Mode
mysql> CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'PROTECTING');
Query OK, 63 rows affected (0,00 sec)
Step 6: Watch The Show!
mysql> show status like '%firewall%';
+----------------------------+-------+
| Variable_name              | Value |
+----------------------------+-------+
| Firewall_access_denied     | 50    |
| Firewall_access_granted    | 664   |
| Firewall_access_suspicious | 0     |
| Firewall_cached_entries    | 63    |
+----------------------------+-------+
4 rows in set (0,01 sec)
mysql> show status like '%firewall%';
+----------------------------+-------+
| Variable_name              | Value |
+----------------------------+-------+
| Firewall_access_denied     | 57    |
| Firewall_access_granted    | 706   |
| Firewall_access_suspicious | 0     |
| Firewall_cached_entries    | 63    |
+----------------------------+-------+
4 rows in set (0,00 sec)
mysql> show status like '%firewall%';
+----------------------------+-------+
| Variable_name              | Value |
+----------------------------+-------+
| Firewall_access_denied     | 67    |
| Firewall_access_granted    | 782   |
| Firewall_access_suspicious | 0     |
| Firewall_cached_entries    | 63    |
+----------------------------+-------+
4 rows in set (0,00 sec)
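The engine described on the Anatomy and Operation slides (normalize the incoming statement, look the normalized form up in the account's allowed list, then act according to the mode) and the six-step WordPress walkthrough above can be modelled in a few dozen lines. The following Python is an added example and is not code from the presentation or from the MySQL Enterprise Firewall. Its normalize() is a deliberately simplified stand-in for the server's statement digest (a regex tokenizer rather than the SQL parser, so it renders SELECT 1+2 as SELECT ? + ? where the slide abbreviates to SELECT ?+?); the Firewall class, the way each mode updates the counters, the error-log message text and the WordPress statements fed to it are all constructed assumptions for illustration.

```python
import re
from collections import Counter

# Keywords upper-cased in the normalized form; identifiers keep their case.
# Assumption: this small subset is enough for the model (the real parser knows them all).
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "USE", "INSERT", "INTO", "VALUES",
            "UPDATE", "SET", "DELETE", "LIMIT", "ORDER", "BY", "NOT", "IN", "LIKE", "NULL"}

# Tokenizer for the simplified normalizer: comments dropped, string and numeric
# literals replaced by '?', keywords upper-cased, everything else kept as written.
_TOKEN = re.compile(
    r"\s*(?:"
    r"(?P<cmt>--\s[^\n]*|#[^\n]*|/\*.*?\*/)"              # SQL comments
    r"|(?P<str>'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\")"    # quoted string literal
    r"|(?P<num>\d+(?:\.\d+)?)"                           # numeric literal
    r"|(?P<word>[A-Za-z_][A-Za-z_0-9]*)"                  # keyword or identifier
    r"|(?P<op><=|>=|<>|!=|[^\sA-Za-z_0-9'\"])"            # operator or punctuation
    r")", re.S)

def normalize(sql: str) -> str:
    """Stand-in for the server's statement digest: same statement shape -> same string."""
    out, pos, s = [], 0, sql.strip()
    while pos < len(s):
        m = _TOKEN.match(s, pos)
        if not m:
            raise ValueError(f"cannot tokenize {s[pos:pos + 10]!r}")
        pos = m.end()
        if m.group("cmt") is not None:
            continue
        if m.group("str") is not None or m.group("num") is not None:
            out.append("?")
        elif m.group("word") is not None:
            w = m.group("word")
            out.append(w.upper() if w.upper() in KEYWORDS else w)
        else:
            out.append(m.group("op"))
    return " ".join(out)

class Firewall:
    """Per-account allowed list, the four modes, and the Firewall_* status counters."""
    MODES = ("OFF", "RECORDING", "PROTECTING", "DETECTING")

    def __init__(self):
        self.mode = {}               # account -> mode
        self.whitelist = {}          # account -> set of normalized statements (the cache)
        self.error_log = []          # stand-in for the server error log
        self.status = Counter({"Firewall_access_denied": 0, "Firewall_access_granted": 0,
                               "Firewall_access_suspicious": 0})

    def set_mode(self, account, mode):          # what sp_set_firewall_mode() does
        if mode not in self.MODES:
            raise ValueError(f"unknown mode {mode!r}")
        self.mode[account] = mode
        self.whitelist.setdefault(account, set())

    def flush_status(self):                     # what mysql_firewall_flush_status() does
        for k in self.status:
            self.status[k] = 0

    def cached_entries(self):                   # Firewall_cached_entries
        return sum(len(r) for r in self.whitelist.values())

    def check(self, account, sql):
        """True if the statement may run, False if the firewall blocks it."""
        mode = self.mode.get(account, "OFF")
        if mode == "OFF":
            return True
        digest, rules = normalize(sql), self.whitelist[account]
        if mode == "RECORDING":                 # learn the shape, never block
            rules.add(digest)
            return True
        if digest in rules:
            self.status["Firewall_access_granted"] += 1
            return True
        if mode == "DETECTING":                 # log it, count it, let it through
            self.status["Firewall_access_suspicious"] += 1
            self.error_log.append(f"SUSPICIOUS STATEMENT from '{account}': {digest}")
            return True
        self.status["Firewall_access_denied"] += 1      # PROTECTING: block
        return False

def wordpress_demo():
    """Steps 2-6 of the case study with constructed stand-ins for WordPress's statements."""
    fw, acct = Firewall(), "wordpress@localhost"
    fw.set_mode(acct, "RECORDING")                                           # step 2
    for stmt in ("SELECT * FROM wp_users WHERE user_email = 'admin@example.com'",
                 "SELECT option_value FROM wp_options WHERE option_name = 'siteurl' LIMIT 1",
                 "INSERT INTO wp_posts (post_title, post_status) VALUES ('Hello', 'draft')"):
        fw.check(acct, stmt)                                                 # step 3
    rules = sorted(fw.whitelist[acct])                                       # step 4
    fw.set_mode(acct, "PROTECTING")                                          # step 5
    results = {                                                              # step 6
        "same_shape": fw.check(acct, "SELECT * FROM wp_users WHERE user_email = 'test@test.com'"),
        "tampered": fw.check(acct, "SELECT * FROM wp_users WHERE user_email = '' OR 1=1 -- '"),
        "unrecorded": fw.check(acct, "select version()"),
    }
    fw.set_mode(acct, "DETECTING")               # the log-instead-of-block alternative
    results["detect_only"] = fw.check(acct, "select version()")
    return {"rules": rules, "results": results, "status": dict(fw.status),
            "cached": fw.cached_entries(), "error_log": fw.error_log}
```

Running wordpress_demo() makes the point of Step 3 concrete: a statement with the same shape as a recorded one passes even though its literal differs, a statement whose shape was never recorded (select version(), or the recorded query with an extra OR ? = ? hanging off it) is blocked in PROTECTING mode and counted under Firewall_access_denied, and the same unrecorded statement is let through but counted under Firewall_access_suspicious and written to the error log in DETECTING mode.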
What Does the Application Get?
• $ client/mysql -u wordpress --protocol=tcp -p -e "select version()"
ERROR 1045 (28000) at line 1: Statement was blocked by Firewall
• [Mon Jun 20 13:23:00.091246 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php
• [Mon Jun 20 13:23:00.094753 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, wp_insert_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php
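Those Apache error-log entries are the signal a DBA works from when deciding whether a blocked statement belongs to a WordPress code path that Step 3 never exercised (here, creating a user from wp-admin/user-new.php) or is something that should stay blocked. The following Python is an added example, not part of the presentation: it parses "Statement was blocked by Firewall" lines in the format shown above and groups them by query text together with the WordPress callers and referers that produced them. The sample input is the two lines from the slide joined back onto one line each plus one constructed unrelated entry that the parser must ignore; the regular expression assumes the Apache error-log prefix layout visible in those lines.

```python
import re
from collections import defaultdict

# The first two entries are the lines shown on the slide (re-joined); the third is a
# constructed, unrelated PHP notice that a correct parser has to skip.
SAMPLE_LOG = [
    "[Mon Jun 20 13:23:00.091246 2016] [:error] [pid 31596] [client 127.0.0.1:40226] "
    "WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users "
    "WHERE user_email = 'test@test.com' made by edit_user, email_exists, get_user_by, "
    "WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php",
    "[Mon Jun 20 13:23:00.094753 2016] [:error] [pid 31596] [client 127.0.0.1:40226] "
    "WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users "
    "WHERE user_email = 'test@test.com' made by edit_user, wp_insert_user, email_exists, "
    "get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php",
    "[Mon Jun 20 13:23:01.000000 2016] [:error] [pid 31596] [client 127.0.0.1:40226] "
    "PHP Notice:  Undefined index: foo in /var/www/blog/wp-content/plugins/example.php on line 12",
]

# Apache error-log prefix, then the WordPress wpdb message; the referer part is optional
# because WordPress only appends it when the request carried one.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>[^\]]*)\] \[pid (?P<pid>\d+)\] \[client (?P<client>[^\]]+)\] "
    r"WordPress database error Statement was blocked by Firewall for query (?P<query>.+?) "
    r"made by (?P<callers>.+?)(?:, referer: (?P<referer>\S+))?$"
)

def parse_blocked(lines):
    """Return one record per 'blocked by Firewall' line; every other line is skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        rec = m.groupdict()
        rec["callers"] = [c.strip() for c in rec["callers"].split(",")]
        records.append(rec)
    return records

def summarize(records):
    """Group blocked statements by query text so the DBA can see what recording missed."""
    summary = defaultdict(lambda: {"count": 0, "callers": set(), "referers": set(), "clients": set()})
    for rec in records:
        entry = summary[rec["query"]]
        entry["count"] += 1
        entry["callers"].update(rec["callers"])
        entry["clients"].add(rec["client"])
        if rec["referer"]:
            entry["referers"].add(rec["referer"])
    return dict(summary)

if __name__ == "__main__":
    for query, info in summarize(parse_blocked(SAMPLE_LOG)).items():
        print(f"{info['count']}x blocked: {query}")
        print(f"   callers:  {', '.join(sorted(info['callers']))}")
        print(f"   referers: {', '.join(sorted(info['referers']))}")
```

The grouping is by the raw query text rather than its normalized form, which is enough here because WordPress issues the same literal; the union of callers across the two entries (edit_user, wp_insert_user, email_exists, ...) is what tells the DBA which admin flow to click through in a second RECORDING pass if that flow is meant to be allowed.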
MySQL Firewall Operation: What Else?
• Can log suspicious queries (ones not in the whitelist) instead of, or in addition to, blocking them
• The mysql.mysql_firewall_* tables are not special tables
– The firewall only reads them at installation time
– And the stored programs write the INFORMATION_SCHEMA tables into them
• Can reset the stats
– mysql_firewall_flush_status() resets the status variables
• Can manipulate rule sets
– Aggregate, prune, edit, etc.
Questions And Answers
Confidential – Oracle
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 

2016 oSC MySQL Firewall

  • 1. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall: Add an extra layer of security to your database server. Georgi “Joro” Kodinov, MySQL Server General Team Lead
  • 2. Georgi “Joro” Kodinov, MySQL @ Oracle. Server General Team Lead; works on MySQL since 2006; specializes in security, the client/server protocol and monitoring; loves history and diverse world cultures; a devoted Formula 1 fan (Go, Massa!)
  • 3. Agenda: Why a MySQL Firewall? / Firewall Architecture / Installation and setup / Operation / Q&A
  • 4. Why a MySQL Firewall?
  • 5. Simple! Make SQL injection attacks harder!
  • 6. “And it wouldn’t be a proper DBIR if we didn’t raise a glass to one of the elder statesmen of web application hacking, SQL injection (SQLi)” – http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
  • 7. Why a MySQL Firewall? Other reasons:
    – Better SQL application security: user accounts can execute only application SQL
    – Defense in depth: an extra layer that works together with the other methods
    – Minimum performance cost: takes advantage of the server’s SQL processor
    – No need for application changes: works inside the server
  • 8. Exploits of a Mom: https://xkcd.com/327/
  • 9. MySQL Firewall Architecture
  • 10. MySQL Firewall: Anatomy. The Firewall Plugin consists of an Engine and a Statements Cache (holding normalized entries such as SELECT ?+? and USE ?).
    – Engine: compares incoming queries with the allowed list; works on normalized statements; multiple modes; implemented as an Audit API plugin
    – Statements Cache: entirely in memory; initialized from disk; content visible through INFORMATION_SCHEMA
  • 11. MySQL Firewall: Operation. The MySQL Server hands an incoming statement (SELECT 1+2) to the Firewall Plugin, which compares its normalized form against the cache (SELECT ?+?, USE ?): SELECT 1+2 matches and passes, while SELECT 1+2 OR .. does not match and is denied.
  • 12. MySQL Firewall Operation Diagram
  • 13. Installing The MySQL Firewall
  • 14. (no transcribed text)
  • 15. Installing the MySQL Firewall: the command line version
      $ mysql -u root -p mysql < linux_install_firewall.sql
      mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode';
      +---------------------+-------+
      | Variable_name       | Value |
      +---------------------+-------+
      | mysql_firewall_mode | ON    |
      +---------------------+-------+
  • 16. Operating the MySQL Firewall. Case study: adding firewall protection to a WordPress installation
  • 17. Step 1: Install WordPress
    – Stock WordPress on apache2
    – Uses the default wordpress@localhost MySQL account
    – Runs against a local MySQL server
    – MySQL server seeded with a user and a schema for WordPress
    – WordPress installation done with defaults
  • 18. Step 2: Put the Firewall Into Recording Mode
    – Command line: $ mysql -u root -p -e "CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'RECORDING');"
    – Workbench
  • 19. Step 3: Accumulate White List Actions
    – The non-trivial part!
    – Click through all of the WordPress sequences that you want to be enabled; this will generate the queries
    – I have only clicked through saving a draft of a post
  • 20. Step 4: Inspect The Accumulated Rules
  • 21. Step 5: Shields Up! Switch To Protecting Mode
      mysql> CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'PROTECTING');
      Query OK, 63 rows affected (0,00 sec)
  • 22. Step 6: Watch The Show! Three successive runs of the same status query while the application is in use:
      mysql> show status like '%firewall%';
      +----------------------------+-------+
      | Variable_name              | Value |
      +----------------------------+-------+
      | Firewall_access_denied     | 50    |
      | Firewall_access_granted    | 664   |
      | Firewall_access_suspicious | 0     |
      | Firewall_cached_entries    | 63    |
      +----------------------------+-------+
      4 rows in set (0,01 sec)
      mysql> show status like '%firewall%';
      +----------------------------+-------+
      | Variable_name              | Value |
      +----------------------------+-------+
      | Firewall_access_denied     | 57    |
      | Firewall_access_granted    | 706   |
      | Firewall_access_suspicious | 0     |
      | Firewall_cached_entries    | 63    |
      +----------------------------+-------+
      4 rows in set (0,00 sec)
      mysql> show status like '%firewall%';
      +----------------------------+-------+
      | Variable_name              | Value |
      +----------------------------+-------+
      | Firewall_access_denied     | 67    |
      | Firewall_access_granted    | 782   |
      | Firewall_access_suspicious | 0     |
      | Firewall_cached_entries    | 63    |
      +----------------------------+-------+
      4 rows in set (0,00 sec)
  • 23. What Does the Application Get?
    – $ client/mysql -u wordpress --protocol=tcp -p -e "select version()"
      ERROR 1045 (28000) at line 1: Statement was blocked by Firewall
    – [Mon Jun 20 13:23:00.091246 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php
    – [Mon Jun 20 13:23:00.094753 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, wp_insert_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php
  • 24. MySQL Firewall Operation: What Else?
    – Can log suspicious queries (those not in the whitelist) instead of, or in addition to, blocking them
    – The mysql.mysql_firewall_* tables are not special tables: the firewall just reads them at installation time, and the stored programs write the INFORMATION_SCHEMA tables back into them
    – Can reset the stats: mysql_firewall_flush_status() resets the status variables
    – Can manipulate rule-sets: aggregate, prune, edit, etc.
  • 25. Questions And Answers. Confidential – Oracle
  • 26. Safe Harbor Statement. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Editor's Notes

  1. Verizon’s 2016 Data Breach Investigations Report