Copyright © 2013, Oracle and/or its affiliates. All rights reserved.1
MySQL's New Secure by Default Installation
Dave Stokes
MySQL Community Manager
David.Stokes@Oracle.com
@stoker
Slideshare.net/davidmstokes
Safe Harbor
The following is intended to outline our general product direction. It
is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in
making purchasing decisions. The development, release, and timing
of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.3
MySQL
 Most popular database on the web
 Ubiquitous
 16+ million instances
 Feeds 80% of Hadoop installs
 20 Years Old
But what have you
done for us
lately??
http://www.thecompletelistoffeatures.com/
MySQL 5.7 Highlights
● Native JSON data type
● GIS Spatial Extension
● Multi source Replication
● Query Rewrite Plugin
● Optimizer Cost Model
● InnoDB full text search
● For Chinese, Japanese, Korean
● Replication Enhanced
● sys Schema
● InnoDB
● Transparent page level compression
● Native Partitioning
● Optimizer Cost Model
● Secure by default Installation
MySQL 5.7 Security
http://www.thecompletelistoffeatures.com/
● Username size increased to 32 characters
● Support for IF [NOT] EXISTS clause in CREATE/DROP USER
● Server option to require secure transport
● Support for multiple AES Encryption modes
● Support to LOCK/UNLOCK user accounts
● Support for password expiration policy
● Password strength enforcement
● test database no longer created on installation
● Anonymous users no longer created on installation
● MySQL Firewall (* commercial; feature also backported)
● Random password generated by default on installation
● New ALTER USER command
● SET password='' now accepts a password instead of hash
● Server now generates SSL keys by default
● Insecure old_password hash removed
● Ability to create utility users for stored programs that cannot log in
● mysql.user.password field renamed as authentication_string to better describe its current usage.
Yes, these changes will
impact you!
Benchmarks
http://www.mysql.com/why-mysql/benchmarks/
More Benchmarks
Username size increased
to 32 characters
● Used to be 16
● Long requested change
Support for IF [NOT] EXISTS
clause in CREATE/DROP USER
● An error occurs if you try to create an account that already
exists.
● As of MySQL 5.7.8, the IF NOT EXISTS clause can be used,
which causes the statement to produce a warning for each
named account that already exists, rather than an error.
Server option to require secure transport
A new system variable, require_secure_transport,
enables administrators to require all client connections to
the server to be made using some form of secure
transport. Qualifying connections are those that use SSL, a
socket file (on Unix), or shared memory (on Windows).
When this variable is enabled, the server rejects nonsecure
connection attempts, which fail with an
ER_SECURE_TRANSPORT_REQUIRED error.
Server now generates SSL keys by default
● As of MySQL 5.7.5, the server-side --ssl option value is enabled by default. Also as of MySQL
5.7.5, MySQL servers compiled using OpenSSL can generate missing SSL files automatically
at startup. See Section 6.3.13.1, “Creating SSL and RSA Certificates and Keys using MySQL”.
● SSL file autodiscovery is enabled as of MySQL 5.7.5 (for servers compiled using OpenSSL) or
5.7.6 (for servers compiled using yaSSL). If --ssl is enabled and other SSL options are not
given to configure SSL explicitly, the server attempts to enable SSL automatically at startup:
● If the server discovers valid SSL files named ca.pem, server-cert.pem, and server-key.pem in the
data directory, it enables SSL to permit SSL connections by clients. (These files need not have been
autogenerated; what matters is that they have the indicated names and are valid.)
● If the server does not find valid SSL files in the data directory, it continues executing but does not
enable SSL.
● If the server automatically enables SSL, it writes a message to the error log. As of MySQL
5.7.6, if the server discovers that the CA certificate is self-signed, it writes a warning to the
error log. (The certificate will be self-signed if created automatically by the server or manually
using mysql_ssl_rsa_setup.)
Support to LOCK/UNLOCK user accounts
● As of version 5.7.6, MySQL supports locking and unlocking user accounts using the
ACCOUNT LOCK and ACCOUNT UNLOCK clauses for the CREATE USER and
ALTER USER statements:
● When used with CREATE USER, these clauses specify the initial locking state for
a new account. In the absence of either clause, the account is created in an
unlocked state.
● When used with ALTER USER, these clauses specify the new locking state for an
existing account. In the absence of either clause, the account locking state
remains unchanged.
● Account locking state is recorded in the account_locked column of the mysql.user
table. The output from SHOW CREATE USER indicates whether an account is locked
or unlocked.
Support for password expiration policy
● ALTER USER 'script'@'localhost' PASSWORD EXPIRE NEVER;
● ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE;
● [mysqld]
default_password_lifetime=180
● A client session operates in restricted mode if the account password was expired
manually or if the password is considered past its lifetime per the automatic expiration
policy. In restricted mode, operations performed within the session result in an error until
the user establishes a new account password:
● ALTER USER USER() IDENTIFIED BY 'new_password';
Password strength enforcement
● The validate_password plugin can be used to test passwords and improve security
● The three levels of password checking are LOW, MEDIUM, and STRONG. The default
is MEDIUM; to change this, modify the value of validate_password_policy. The policies
implement increasingly strict password tests. The following descriptions refer to default
parameter values; these can be modified by changing the appropriate system variables.
● LOW policy tests password length only. Passwords must be at least 8 characters long.
● MEDIUM policy adds the conditions that passwords must contain at least 1 numeric character,
1 lowercase and uppercase character, and 1 special (nonalphanumeric) character.
● STRONG policy adds the condition that password substrings of length 4 or longer must not
match words in the dictionary file, if one has been specified.
● If the validate_password plugin is not installed, the validate_password_xxx system
variables are not available, passwords in statements are not checked, and
VALIDATE_PASSWORD_STRENGTH() always returns 0.
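The three policy levels described above, modelled in Python so a candidate password can be checked against each level before it reaches the server. This is an added example, not code from the slides or from the validate_password plugin; the function names and the case-insensitive dictionary match are assumptions.

```python
from enum import IntEnum


class Policy(IntEnum):
    LOW = 0
    MEDIUM = 1
    STRONG = 2


# Default thresholds as given on the slide. The real plugin reads them from
# its validate_password_* system variables; these constants stand in for them.
MIN_LENGTH = 8
MIN_DIGITS = 1
MIN_EACH_CASE = 1        # at least this many lowercase AND this many uppercase
MIN_SPECIAL = 1
MIN_DICT_SUBSTRING = 4


def dictionary_hit(password, words):
    """Return the longest dictionary word contained in the password, or None.

    Assumption of this model: matching is case-insensitive.
    """
    wanted = {w.strip().lower() for w in words
              if len(w.strip()) >= MIN_DICT_SUBSTRING}
    lowered = password.lower()
    # Try every substring of length >= 4, longest first.
    for size in range(len(lowered), MIN_DICT_SUBSTRING - 1, -1):
        for start in range(len(lowered) - size + 1):
            piece = lowered[start:start + size]
            if piece in wanted:
                return piece
    return None


def policy_failures(password, policy=Policy.MEDIUM, dictionary=None):
    """Return the names of the rules the password fails under the policy."""
    failures = []
    if len(password) < MIN_LENGTH:                      # LOW: length only
        failures.append("length")
    if policy >= Policy.MEDIUM:                         # MEDIUM adds classes
        if sum(c.isdigit() for c in password) < MIN_DIGITS:
            failures.append("digit")
        if sum(c.islower() for c in password) < MIN_EACH_CASE:
            failures.append("lowercase")
        if sum(c.isupper() for c in password) < MIN_EACH_CASE:
            failures.append("uppercase")
        if sum(not c.isalnum() for c in password) < MIN_SPECIAL:
            failures.append("special")
    # STRONG adds the dictionary test, but only if a dictionary was given.
    if policy >= Policy.STRONG and dictionary:
        hit = dictionary_hit(password, dictionary)
        if hit:
            failures.append("dictionary:" + hit)
    return failures


# Constructed sample inputs.
SAMPLES = ["password", "MyDragon#2015", "Ab1!"]
WORDS = ["dragon", "password"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        for level in Policy:
            result = policy_failures(candidate, level, WORDS) or ["ok"]
            print(f"{candidate!r:18} {level.name:7} {', '.join(result)}")
```

Without a dictionary file, STRONG accepts exactly what MEDIUM accepts, which is easy to miss when only the policy variable is changed.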
No test database or anonymous users created
● No test database, one less vulnerability for someone guessing
about your instance
● No accounts with no user name, no password.
Random Root Password Generated
by Default on Installation
● mysql_install_db is deprecated as of MySQL 5.7.6 because its functionality has been
integrated into mysqld, the MySQL server. To initialize a MySQL installation, invoke mysqld
with the --initialize or --initialize-insecure option. See
https://dev.mysql.com/doc/refman/5.7/en/data-directory-initialization-mysqld.html
● With --initialize the server generates a random password, marks it as expired, and writes a
message displaying the password:
[Warning] A temporary password is generated for root@localhost: iTag*AfrH5ej
● With --initialize-insecure the server does not generate a password or mark it expired, and
writes a warning message:
[Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
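Both initialization messages end up in the server's error log, so the log shows how an instance was initialized and, for --initialize, holds the temporary root password in clear text. The scanner below is an added example, not code from the slides: it reports both cases and redacts the password in its output. The log lines, their timestamp layout and the function names are constructed for illustration.

```python
import re

# Message texts as quoted on the slide. The severity tag is not matched,
# so the scanner does not depend on how a given build labels the message.
TEMP_PASSWORD = re.compile(
    r"A temporary password is generated for (?P<account>[^\s:]+):\s*(?P<secret>\S+)")
EMPTY_PASSWORD = re.compile(
    r"(?P<account>\S+) is created with an empty password")

# Constructed sample: a data directory initialized with --initialize and
# later re-created with --initialize-insecure.
SAMPLE_LOG = """\
2015-10-20T14:02:11.000000Z 0 [Note] (constructed filler line)
2015-10-20T14:02:12.000000Z 1 [Warning] A temporary password is generated for root@localhost: EXAMPLE-temp-pw1
2015-10-21T09:30:00.000000Z 0 [Note] (constructed filler line)
2015-10-21T09:30:01.000000Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
""".splitlines()

MODE_BY_KIND = {
    "temporary-password": "--initialize",
    "empty-password": "--initialize-insecure",
}


def redact(line):
    """Replace the temporary password in a log line with a marker."""
    def _mask(match):
        prefix_len = match.start("secret") - match.start(0)
        return match.group(0)[:prefix_len] + "<redacted>"
    return TEMP_PASSWORD.sub(_mask, line)


def scan_error_log(lines):
    """Return one finding per initialization message, never the secret."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = TEMP_PASSWORD.search(line)
        kind = "temporary-password"
        if not match:
            match = EMPTY_PASSWORD.search(line)
            kind = "empty-password"
        if match:
            findings.append({
                "line": number,
                "kind": kind,
                "account": match["account"],
                "evidence": redact(line),
            })
    return findings


def last_initialization(findings):
    """Name the option used by the most recent initialization in the log."""
    if not findings:
        return None
    return MODE_BY_KIND[findings[-1]["kind"]]


if __name__ == "__main__":
    results = scan_error_log(SAMPLE_LOG)
    for item in results:
        print(item["line"], item["kind"], item["account"], "|", item["evidence"])
    print("most recent initialization:", last_initialization(results))
```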
New ALTER USER command
ALTER USER
'jeffrey'@'localhost' IDENTIFIED BY 'new-password',
'jeanne'@'localhost'
REQUIRE SSL WITH MAX_USER_CONNECTIONS 2;
mysql.user.password field renamed as
authentication_string to better describe
its current usage
● More than just a password!
● LDAP data
● CREATE USER 'sha256user'@'localhost'
IDENTIFIED WITH sha256_password BY 'Sh@256Pa33';
● [mysqld]
default_authentication_plugin=sha256_password
● New accounts will use SHA256
SQL MODE STRICT
● New Default SQL MODE
● Strict mode controls how MySQL handles invalid or missing values in data-change
statements such as INSERT or UPDATE. A value can be invalid for several reasons. For
example, it might have the wrong data type for the column, or it might be out of range. A
value is missing when a new row to be inserted does not contain a value for a non-NULL
column that has no explicit DEFAULT clause in its definition. (For a NULL column, NULL
is inserted if the value is missing.) Strict mode also affects DDL statements such as
CREATE TABLE.
● If strict mode is not in effect, MySQL inserts adjusted values for invalid or missing values
and produces warnings (see Section 13.7.5.40, “SHOW WARNINGS Syntax”). In strict
mode, you can produce this behavior by using INSERT IGNORE or UPDATE IGNORE.
MySQL Modes
● The default SQL mode in MySQL 5.7 includes these modes:
ONLY_FULL_GROUP_BY, STRICT_TRANS_TABLES,
NO_ZERO_IN_DATE, NO_ZERO_DATE,
ERROR_FOR_DIVISION_BY_ZERO,
NO_AUTO_CREATE_USER, and
NO_ENGINE_SUBSTITUTION.
● For information about all available modes and MySQL's default
behavior, see Section 5.1.7, “Server SQL Modes” in the manual.
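Several of the settings covered in this deck (require_secure_transport, default_password_lifetime, validate_password_policy and sql_mode) live in the [mysqld] section of an option file, where a file carried over from an older install can silently undo the new defaults. The auditor below is an added example, not code from the slides; the two option files are constructed and the set of checks is an illustrative baseline, not an Oracle recommendation.

```python
import configparser

STRICT_MODES = {"STRICT_TRANS_TABLES", "STRICT_ALL_TABLES", "TRADITIONAL"}

# Constructed sample: a legacy option file beside a hardened one.
LEGACY_CNF = """\
!includedir /etc/mysql/conf.d/
[mysqld]
skip-name-resolve
sql-mode=""                     # carried over from an older install
default-password-lifetime=0
validate_password_policy=LOW
"""

HARDENED_CNF = """\
[mysqld]
require_secure_transport=ON
default_password_lifetime=180
validate_password_policy=MEDIUM
"""


def load_mysqld_options(text):
    """Parse option-file text; return ([mysqld] options, include directives)."""
    includes, body = [], []
    for raw in text.splitlines():
        line = raw.strip()          # indented lines would parse as continuations
        if line.startswith("!"):    # !include / !includedir are not followed
            includes.append(line)
        else:
            body.append(line)
    parser = configparser.ConfigParser(
        allow_no_value=True,        # options such as skip-name-resolve
        strict=False,               # a repeated option is legal, last one wins
        interpolation=None,
        comment_prefixes=("#", ";"),
        inline_comment_prefixes=("#",))
    # Dashes and underscores are interchangeable in option names.
    parser.optionxform = lambda name: name.replace("-", "_")
    parser.read_string("\n".join(body))
    options = dict(parser["mysqld"]) if parser.has_section("mysqld") else {}
    return options, includes


def _enabled(value):
    # A boolean option written without a value counts as enabled.
    return value is None or value.strip().lower() in {"1", "on", "true"}


def audit(text):
    """Return (option, message) findings for the settings the deck covers."""
    options, includes = load_mysqld_options(text)
    findings = [("include", "not followed, settings may also live in: " + inc)
                for inc in includes]
    if not ("require_secure_transport" in options
            and _enabled(options["require_secure_transport"])):
        findings.append(("require_secure_transport",
                         "not enabled, non-secure connections are not rejected"))
    if "default_password_lifetime" not in options:
        findings.append(("default_password_lifetime", "not set in this file"))
    elif (options["default_password_lifetime"] or "").strip() == "0":
        findings.append(("default_password_lifetime",
                         "0 disables automatic expiration"))
    policy = (options.get("validate_password_policy") or "").strip().upper()
    if policy in {"LOW", "0"}:
        findings.append(("validate_password_policy", "LOW tests length only"))
    if "sql_mode" in options:       # absent means the server default applies
        raw = (options["sql_mode"] or "").strip().strip("'\"")
        modes = {m.strip().upper() for m in raw.split(",") if m.strip()}
        if not modes & STRICT_MODES:
            findings.append(("sql_mode",
                             "set without a strict mode, replacing the default"))
    return findings


if __name__ == "__main__":
    for label, text in (("legacy", LEGACY_CNF), ("hardened", HARDENED_CNF)):
        print(label)
        for option, message in audit(text) or [("ok", "no findings")]:
            print(f"  {option}: {message}")
```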
Replication Changes
● Loss-less semi-sync replication
● Semi-sync can now wait for a configurable number of slaves
● Intra-schema parallel replication
● Ability to tune group commit via binlog_group_commit_sync_delay and
binlog_group_commit_sync_no_delay_count options.
● Non-blocking SHOW SLAVE STATUS
● Online CHANGE REPLICATION FILTER
● Online CHANGE MASTER TO without stopping SQL thread
MySQL Enterprise Firewall
Where to get MySQL 5.7
● Community & Enterprise Editions Download Page
www.mysql.com
● Yum repo
http://dev.mysql.com/downloads/repo/yum/
● Apt repo
http://dev.mysql.com/downloads/repo/apt/
● SUSE repo
http://dev.mysql.com/downloads/repo/suse/
● Windows
http://dev.mysql.com/downloads/windows/
Q/A
● Slides – Slideshare.net/davidmstokes
● Twitter – @Stoker
● Email – David.Stokes@Oracle.com
● Blog – OpenSourceDba@Wordpress.com

Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...hasimatwork
 
Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Eric Johnson
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondContinuent
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfMaria Adalfio
 

Dernier (10)

Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptx
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technology
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptx
 
overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualization
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
 
Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdf
 

MySQL's new Secure by Default Install -- All Things Open October 20th 2015

  • 1. Copyright © 2013, Oracle and/or its affiliates. All rights reserved. MySQL's New Secure by Default Installation. Dave Stokes, MySQL Community Manager, David.Stokes@Oracle.com, @stoker, Slideshare.net/davidmstokes
  • 2. Safe Harbor: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. Copyright © 2015, Oracle and/or its affiliates. All rights reserved. MySQL
      ● Most popular database on the web
      ● Ubiquitous
      ● 16+ million instances
      ● Feeds 80% of Hadoop installs
      ● 20 Years Old
  • 4. But what have you done for us lately??
  • 5. http://www.thecompletelistoffeatures.com/
  • 6. MySQL 5.7 Highlights
      ● Native JSON data type
      ● GIS Spatial Extension
      ● Multi source Replication
      ● Query Rewrite Plugin
      ● Optimizer Cost Model
      ● InnoDB full text search (for Chinese, Japanese, Korean)
      ● Replication Enhanced
      ● sys Schema
      ● InnoDB
      ● Transparent page level compression
      ● Native Partitioning
      ● Optimizer Cost Model
      ● Secure by default Installation
  • 7. MySQL 5.7 Security (http://www.thecompletelistoffeatures.com/)
      ● Username size increased to 32 characters
      ● Support for IF [NOT] EXISTS clause in CREATE/DROP USER
      ● Server option to require secure transport
      ● Support for multiple AES Encryption modes
      ● Support to LOCK/UNLOCK user accounts
      ● Support for password expiration policy
      ● Password strength enforcement
      ● test database no longer created on installation
      ● Anonymous users no longer created on installation
      ● MySQL Firewall (* commercial; feature also backported)
      ● Random password generated by default on installation
      ● New ALTER USER command
      ● SET password='' now accepts a password instead of hash
      ● Server now generates SSL keys by default
      ● Insecure old_password hash removed
      ● Ability to create utility users for stored programs that cannot log in
      ● mysql.user.password field renamed as authentication_string to better describe its current usage.
  • 8. Yes, these changes will impact you!
  • 9. Benchmarks: http://www.mysql.com/why-mysql/benchmarks/
  • 10. More Benchmarks
  • 11. Username size increased to 32 characters
      ● Used to be 16
      ● Long requested change
  • 12. Support for IF [NOT] EXISTS clause in CREATE/DROP USER
      ● An error occurs if you try to create an account that already exists.
      ● As of MySQL 5.7.8, the IF NOT EXISTS clause can be used, which causes the statement to produce a warning for each named account that already exists, rather than an error.
  • 13. Server option to require secure transport
      ● A new system variable, require_secure_transport, enables administrators to require all client connections to the server to be made using some form of secure transport.
      ● Qualifying connections are those that use SSL, a socket file (on Unix), or shared memory (on Windows).
      ● When this variable is enabled, the server rejects nonsecure connection attempts, which fail with an ER_SECURE_TRANSPORT_REQUIRED error.
  • 14. Server now generates SSL keys by default
      ● As of MySQL 5.7.5, the server-side --ssl option value is enabled by default. Also as of MySQL 5.7.5, MySQL servers compiled using OpenSSL can generate missing SSL files automatically at startup. See Section 6.3.13.1, “Creating SSL and RSA Certificates and Keys using MySQL”.
      ● SSL file autodiscovery is enabled as of MySQL 5.7.5 (for servers compiled using OpenSSL) or 5.7.6 (for servers compiled using yaSSL). If --ssl is enabled and other SSL options are not given to configure SSL explicitly, the server attempts to enable SSL automatically at startup:
          ● If the server discovers valid SSL files named ca.pem, server-cert.pem, and server-key.pem in the data directory, it enables SSL to permit SSL connections by clients. (These files need not have been autogenerated; what matters is that they have the indicated names and are valid.)
          ● If the server does not find valid SSL files in the data directory, it continues executing but does not enable SSL.
      ● If the server automatically enables SSL, it writes a message to the error log. As of MySQL 5.7.6, if the server discovers that the CA certificate is self-signed, it writes a warning to the error log. (The certificate will be self-signed if created automatically by the server or manually using mysql_ssl_rsa_setup.)
  • 15. Support to LOCK/UNLOCK user accounts
      ● As of version 5.7.6, MySQL supports locking and unlocking user accounts using the ACCOUNT LOCK and ACCOUNT UNLOCK clauses for the CREATE USER and ALTER USER statements:
          ● When used with CREATE USER, these clauses specify the initial locking state for a new account. In the absence of either clause, the account is created in an unlocked state.
          ● When used with ALTER USER, these clauses specify the new locking state for an existing account. In the absence of either clause, the account locking state remains unchanged.
      ● Account locking state is recorded in the account_locked column of the mysql.user table. The output from SHOW CREATE USER indicates whether an account is locked or unlocked.
  • 16. Support for password expiration policy
      ● ALTER USER 'script'@'localhost' PASSWORD EXPIRE NEVER;
      ● ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE;
      ● [mysqld] default_password_lifetime=180
      ● A client session operates in restricted mode if the account password was expired manually or if the password is considered past its lifetime per the automatic expiration policy. In restricted mode, operations performed within the session result in an error until the user establishes a new account password:
      ● ALTER USER USER() IDENTIFIED BY 'new_password';
  • 17. Password strength enforcement
      ● The validate_password plugin can be used to test passwords and improve security
      ● The three levels of password checking are LOW, MEDIUM, and STRONG. The default is MEDIUM; to change this, modify the value of validate_password_policy. The policies implement increasingly strict password tests. The following descriptions refer to default parameter values; these can be modified by changing the appropriate system variables.
          ● LOW policy tests password length only. Passwords must be at least 8 characters long.
          ● MEDIUM policy adds the conditions that passwords must contain at least 1 numeric character, 1 lowercase and uppercase character, and 1 special (nonalphanumeric) character.
          ● STRONG policy adds the condition that password substrings of length 4 or longer must not match words in the dictionary file, if one has been specified.
      ● If the validate_password plugin is not installed, the validate_password_xxx system variables are not available, passwords in statements are not checked, and VALIDATE_PASSWORD_STRENGTH() always returns 0.
  • 18. No test database or anonymous users created
      ● No test database, one less vulnerability for someone guessing about your instance
      ● No accounts with no user name, no password.
  • 19. Random Root Password Generated by Default on Installation
      ● mysql_install_db is deprecated as of MySQL 5.7.6 because its functionality has been integrated into mysqld, the MySQL server. To initialize a MySQL installation, invoke mysqld with the --initialize or --initialize-insecure option; see https://dev.mysql.com/doc/refman/5.7/en/data-directory-initialization-mysqld.html
      ● With --initialize the server generates a random password, marks it as expired, and writes a message displaying the password: [Warning] A temporary password is generated for root@localhost: iTag*AfrH5ej
      ● With --initialize-insecure the server does not generate a password or mark it expired, and writes a warning message: [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
  • 20. New ALTER USER command
      ● ALTER USER 'jeffrey'@'localhost' IDENTIFIED BY 'new-password', 'jeanne'@'localhost' REQUIRE SSL WITH MAX_USER_CONNECTIONS 2;
  • 21. mysql.user.password field renamed as authentication_string to better describe its current usage
      ● More than just a password!
      ● LDAP data
      ● CREATE USER 'sha256user'@'localhost' IDENTIFIED WITH sha256_password BY 'Sh@256Pa33';
      ● [mysqld] default_authentication_plugin=sha256_password
      ● New accounts will use SHA256
  • 22. SQL MODE STRICT
      ● New Default SQL MODE
      ● Strict mode controls how MySQL handles invalid or missing values in data-change statements such as INSERT or UPDATE. A value can be invalid for several reasons. For example, it might have the wrong data type for the column, or it might be out of range. A value is missing when a new row to be inserted does not contain a value for a non-NULL column that has no explicit DEFAULT clause in its definition. (For a NULL column, NULL is inserted if the value is missing.) Strict mode also affects DDL statements such as CREATE TABLE.
      ● If strict mode is not in effect, MySQL inserts adjusted values for invalid or missing values and produces warnings (see Section 13.7.5.40, “SHOW WARNINGS Syntax”). In strict mode, you can produce this behavior by using INSERT IGNORE or UPDATE IGNORE.
  • 23. MySQL Modes
      ● The default SQL mode in MySQL 5.7 includes these modes: ONLY_FULL_GROUP_BY, STRICT_TRANS_TABLES, NO_ZERO_IN_DATE, NO_ZERO_DATE, ERROR_FOR_DIVISION_BY_ZERO, NO_AUTO_CREATE_USER, and NO_ENGINE_SUBSTITUTION.
      ● For information about all available modes and MySQL's default behavior, see Section 5.1.7, “Server SQL Modes” in the manual.
  • 24. Replication Changes
      ● Loss-less semi-sync replication
      ● Semi-sync can now wait for a configurable number of slaves
      ● Intra-schema parallel replication
      ● Ability to tune group commit via binlog_group_commit_sync_delay and binlog_group_commit_sync_no_delay_count options.
      ● Non-blocking SHOW SLAVE STATUS
      ● Online CHANGE REPLICATION FILTER
      ● Online CHANGE MASTER TO without stopping SQL thread
  • 25. MySQL Enterprise Firewall
  • 26. Where to get MySQL 5.7
      ● Community & Enterprise Editions Download Page: www.mysql.com
      ● Yum repo: http://dev.mysql.com/downloads/repo/yum/
      ● Apt repo: http://dev.mysql.com/downloads/repo/apt/
      ● SUSE repo: http://dev.mysql.com/downloads/repo/suse/
      ● Windows: http://dev.mysql.com/downloads/windows/
  • 27. Q/A
      ● Slides – Slideshare.net/davidmstokes
      ● Twitter – @Stoker
      ● Email – David.Stokes@Oracle.com
      ● Blog – OpenSourceDba@Wordpress.com
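A my.cnf can quietly undo several of the defaults covered on slides 13, 16, 17 and 22-23. The audit below is an added example, not part of the original slides or of MySQL itself: the function names, both sample files and the choice to treat an unset default_password_lifetime as a finding are assumptions made for illustration.

```python
import configparser

ON = {"on", "1", "true"}
STRICT = {"STRICT_TRANS_TABLES", "STRICT_ALL_TABLES", "TRADITIONAL"}

# Constructed sample files: one that weakens the defaults, one that keeps them.
WEAK_CNF = """[mysqld]
datadir=/var/lib/mysql
require-secure-transport=OFF
default_password_lifetime=0
validate_password_policy=LOW
sql_mode=NO_ENGINE_SUBSTITUTION
"""
HARDENED_CNF = """!includedir /etc/mysql/conf.d/
[mysqld]
plugin-load-add=validate_password.so
require_secure_transport=ON
default_password_lifetime=180
validate_password_policy=MEDIUM
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
"""

def mysqld_options(text):
    """Return the [mysqld] options of a my.cnf; None marks a bare option."""
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("!"))  # drop !include lines
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(body)
    if not cp.has_section("mysqld"):
        return {}
    # MySQL accepts '-' and '_' interchangeably in option names.
    return {k.replace("-", "_"): v for k, v in cp.items("mysqld")}

def audit(text):
    """Return the names of settings that weaken the defaults from the slides."""
    opts = mysqld_options(text)
    weak = []
    rst = opts.get("require_secure_transport", "off")
    if rst is not None and rst.strip().lower() not in ON:
        weak.append("require_secure_transport")   # slide 13: cleartext TCP accepted
    if (opts.get("default_password_lifetime") or "0").strip() == "0":
        weak.append("default_password_lifetime")  # slide 16: 0 or unset in this file
    if (opts.get("validate_password_policy") or "").strip().upper() in {"LOW", "0"}:
        weak.append("validate_password_policy")   # slide 17: length check only
    mode = opts.get("sql_mode")
    if mode is not None:
        modes = {m.strip().upper() for m in mode.strip("'\"").split(",")}
        if not STRICT & modes:
            weak.append("sql_mode")               # slides 22-23: strict mode dropped
    return weak

if __name__ == "__main__":
    print("weak file:    ", audit(WEAK_CNF))
    print("hardened file:", audit(HARDENED_CNF))
```

The file only shows what is requested at startup; the running values still need to be confirmed on the server with SHOW VARIABLES.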
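The three validate_password levels from slide 17, emulated as an added example (not the plugin's code and not part of the original slides). The thresholds are the defaults the slide quotes; the function name, the case-insensitive dictionary match and the sample word list are assumptions made for illustration.

```python
LOW, MEDIUM, STRONG = 0, 1, 2

# Constructed sample word list standing in for the dictionary file.
SAMPLE_WORDS = ["password", "pass", "mysql", "abc"]

def check_password(password, policy=MEDIUM, min_length=8, dictionary=()):
    """Return the list of rules a password fails; an empty list means it passes."""
    failures = []

    # LOW: length only.
    if len(password) < min_length:
        failures.append("length")

    # MEDIUM: adds one digit, one lowercase, one uppercase, one special character.
    if policy >= MEDIUM:
        if not any(c.isdigit() for c in password):
            failures.append("digit")
        if not any(c.islower() for c in password):
            failures.append("lowercase")
        if not any(c.isupper() for c in password):
            failures.append("uppercase")
        if not any(not c.isalnum() for c in password):
            failures.append("special")

    # STRONG: no substring of length 4 or longer may match a dictionary word.
    # The check is skipped when no dictionary is supplied, as on the slide.
    if policy >= STRONG and dictionary:
        words = {w.lower() for w in dictionary if len(w) >= 4}
        lowered = password.lower()      # assumption: comparison ignores case
        hits = sorted({lowered[i:j]
                       for i in range(len(lowered))
                       for j in range(i + 4, len(lowered) + 1)
                       if lowered[i:j] in words})
        failures.extend("dictionary:" + hit for hit in hits)

    return failures

if __name__ == "__main__":
    for candidate in ("short", "longenough", "MyPassword#2015", "Sh@256Pa33"):
        for level, name in ((LOW, "LOW"), (MEDIUM, "MEDIUM"), (STRONG, "STRONG")):
            result = check_password(candidate, level, dictionary=SAMPLE_WORDS)
            print(f"{candidate!r:20} {name:7} {result or 'ok'}")
```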
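Slide 19's two initialization messages can be checked for in the error log. The added example below (not from the original slides) classifies them and masks the temporary password before the log is forwarded anywhere; the timestamps and the filler line in the sample, and all function names, are constructed.

```python
import re

# Message texts are the two quoted on slide 19; the log-level prefix is ignored.
TEMP_PW = re.compile(r"(A temporary password is generated for )(\S+?)(:\s+)\S+")
EMPTY_PW = re.compile(r"(\S+) is created with an empty password")

# Constructed sample: a data directory initialized with --initialize and later
# re-initialized with --initialize-insecure.
SAMPLE_LOG = [
    "2015-10-20T14:02:10.000000Z 0 [Note] (unrelated line)",
    "2015-10-20T14:02:11.000000Z 1 [Warning] A temporary password is generated"
    " for root@localhost: iTag*AfrH5ej",
    "2015-10-21T09:30:00.000000Z 0 [Note] (unrelated line)",
    "2015-10-21T09:30:01.000000Z 1 [Warning] root@localhost is created with an"
    " empty password ! Please consider switching off the --initialize-insecure"
    " option.",
]

def scan_init_log(lines):
    """Return (findings, safe_lines).

    findings is a list of (line_number, account, state) tuples and safe_lines
    is the input with any temporary password replaced by <redacted>.
    """
    findings, safe = [], []
    for number, line in enumerate(lines, 1):
        temp = TEMP_PW.search(line)
        empty = EMPTY_PW.search(line)
        if temp:
            findings.append((number, temp.group(2), "temporary-password"))
            line = TEMP_PW.sub(r"\1\2\3<redacted>", line)
        elif empty:
            findings.append((number, empty.group(1), "empty-password"))
        safe.append(line)
    return findings, safe

def needs_action(findings):
    """Accounts whose most recent initialization left them without a password."""
    latest = {}
    for _, account, state in findings:
        latest[account] = state          # later log lines override earlier ones
    return sorted(a for a, s in latest.items() if s == "empty-password")

if __name__ == "__main__":
    found, redacted = scan_init_log(SAMPLE_LOG)
    for entry in found:
        print(entry)
    print("set a password now for:", needs_action(found))
    print("\n".join(redacted))
```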