Mission Impossible: Zero-Configuration SSL

SSL (let’s call it that, even though SSL 2.0 and SSL 3.0 were long replaced by TLS 1.0–1.3 protocols) support was implemented in MySQL in 2001, so MariaDB (born in 2009) always had it. But over more than twenty years of SSL support there was one huge problem with it. It required tedious manual configuration, so most users never bothered and accepted the fact that their queries and data were sent unprotected. Which might have been slightly risky in 2001, but is definitely reckless in 2023.

The traditional approach

Let’s see. First, the user installing MariaDB or MySQL has to generate a private key and a certificate.

Sauron says to Dumbledore and Merlin…

This sounds like a lame cross-genre joke, but it is not. It is a lame cross-genre math problem. I have to admit, it didn’t have those names when I read about it, but I wanted to make it a bit more epic. So,

Sauron says to Dumbledore and Merlin, finally I have captured you both. Now I shall select two numbers, greater than one, less than a hundred. Dumbledore shall know their product and Merlin shall know their sum. If you, fools, will be able to tell me the numbers I have chosen, I shall let you free.

10.7 preview feature: CONVERT PARTITION

If you are using table partitioning, you have likely heard of the ALTER TABLE … EXCHANGE PARTITION … WITH TABLE … command. It has existed in MariaDB since forever. But if you check the manual (any manual) or search the web, you will see that almost its only use case is converting a partition to a standalone non-partitioned table, or converting a standalone non-partitioned table into a partition.

And the usage was designed back then to be anything but obvious. To convert a partition to a table you need first to create an empty table with the same structure as a partition, then you exchange it with a partition, and then you drop the empty partition.

Emergency Release of MariaDB 10.5.8, 10.4.17, 10.3.27, and 10.2.36 is now available

The MariaDB Foundation is pleased to announce the availability of MariaDB 10.5.8, MariaDB 10.4.17, MariaDB 10.3.27, and MariaDB 10.2.36, the latest stable releases in their respective series.

Why do we release MariaDB again only a week after the 10.5.7, 10.4.16, etc? What’s the emergency?

The previous, scheduled, set of releases (10.2 and up) included a security related change — MariaDB server became more strict about accepting network packets from the client. It never was particularly trusting, but still there was a loophole in the handling of prepared statements where the server just assumed that the client sends the correct data. …

Authentication in MariaDB 10.4 — Understanding the Changes

MariaDB Server 10.4 came with a whole lot of Security related changes. Some of them are merely optimizations (like MDEV-15649), some improve existing features to be more robust (MDEV-15473, MDEV-7598) or convenient (MDEV-12835, MDEV-16266). Some are MySQL compatibility features, requested by our users (MDEV-7597, MDEV-13095).

But the first thing any MariaDB Server user, whether an experienced veteran or a newbie, does — before even issuing the first SQL statement — is logging in. Authenticating to the database server. …

Duel: gdb vs. linked lists, trees, and hash tables

My first encounter with the gdb command duel was on some old IRIX about 15 years ago. I immediately loved how convenient it was for displaying various data structures during MySQL debugging, and I wished Linux had something similar. Later I found out that Duel was not something IRIX specific, but a public domain patch for gdb 4.6 written in ’93 by Michael Golan. Unfortunately, it never got into gdb (for licensing reasons, so I’ve heard). Now gdb 8 is out, and the patch, obviously, doesn’t apply. Instead of fixing the patch, I’ve re-implemented Duel in Python, using the gdb Python API and the Arpeggio parser. …

Making life prettier with gdb PrettyPrinting API

Anyone who has peeked inside a gdb manual knows that gdb has some kind of Python API. And anyone who has skimmed through has seen something called “Pretty Printing” that supposedly tells gdb how to print complex data structures in a nice and readable way. Well, at least I have seen that, but I’ve never given it much thought. Still, one day, when I was typing:
(gdb) p/t table->read_set->bitmap[0] @ (table->read_set->n_bits+7)/8
for the umpteenth time I asked myself, “why the heck not?”, and so it began…

Who are you? The history of MySQL and MariaDB authentication protocols from 1997 to 2017

MySQL 3.20 to 4.0

In the good old days, when 32MB of RAM justified the name my-huge.cnf, when nobody knew Google and Facebook didn’t even exist, security was… how do I put it… kind of cute. Computer viruses didn’t steal millions and didn’t disrupt elections — they played Yankee Doodle or told you not to play with the PC. People used telnet and ftp, although some security conscious admins already knew ssh.

Somewhere around this time, give or take a few years, MySQL was born. And it had users, who had to be kept away from seeing others’ data, but allowed to use their own. …