Authentication in MariaDB 10.4 — Understanding the Changes

MariaDB Server 10.4 came with a whole lot of Security related changes. Some of them are merely optimizations (like MDEV-15649), some improve existing features to be more robust (MDEV-15473, MDEV-7598) or convenient (MDEV-12835, MDEV-16266). Some are MySQL compatibility features, requested by our users (MDEV-7597, MDEV-13095).

But the first thing any MariaDB Server user, whether an experienced veteran or a newbie, does — before even issuing the first SQL statement — is logging in. Authenticating to the database server. Read more

Duel: gdb vs. linked lists, trees, and hash tables

My first encounter with the gdb command duel was on some old IRIX about 15 years ago. I immediately loved how convenient it was for displaying various data structures during MySQL debugging, and I wished Linux had something similar. Later I found out that Duel was not something IRIX specific, but a public domain patch for gdb 4.6 written in ’93 by Michael Golan. Unfortunately, it never got into gdb (for licensing reasons, so I’ve heard). Now the gdb 8 is out, and the patch, obviously doesn’t apply. Instead of fixing the patch, I’ve re-implemented Duel in Python, using gdb Python API and the Arpeggio parser. Read more

Making life prettier with gdb PrettyPrinting API

Anyone who has peeked inside a gdb manual knows that gdb has some kind of Python API. And anyone who has skimmed through has seen something called “Pretty Printing” that supposedly tells gdb how to print complex data structures in a nice and readable way. Well, at least I have seen that, but I’ve never given it much thought. Still, one day, when I was typing:
(gdb) p/t table->read_set->bitmap[0] @ (table->read_set->n_bits+7)/8
for the umpteenth time I asked myself, “why the heck not?”, and so it begun…
(more…) Read more

Who are you? The history of MySQL and MariaDB authentication protocols from 1997 to 2017

MySQL 3.20 to 4.0

In the good old days, when 32MB of RAM justified the name my-huge.cnf, when nobody knew Google and Facebook didn’t even exist, security was… how do I put it… kind of cute. Computer viruses didn’t steal millions and didn’t disrupt elections — they played Yankee Doodle or told you not to play with the PC. People used telnet and ftp, although some security conscious admins already knew ssh.

Somewhere around this time, give or take a few years, MySQL was born. And it had users, who had to be kept away from seeing others’ data, but allowed to use their own. Read more

MariaDB in Google Summer of Code 2016

And for the fourth year in a row, MariaDB Foundation participates in the Google Summer of Code! The MariaDB Organization in GSoC is an umbrella organization for all projects that belongs to the MariaDB ecosystem, be it MariaDB Server, MariaDB Connectors, or MariaDB MaxScale. The complete list of our suggested project ideas is in MariaDB Jira. This year we were granted 10 student slots (as compared to 8 last year, 5 in 2014, and 3 in 2013). And it was good, as applicants this year were exceptionally strong. Our students have chosen these projects:

For the server:

  • MDEV-7773 Aggregate Stored Functions
  • student: Varun Raiko, mentors: Sanja Byelkin and Vicențiu Ciorbaru

  • MDEV-8947 Cassandra connector support for 2.x
  • student: Charles Muurmu, mentor: Sergey Petrunia
    blog: https://cassandrastorageenginev2.wordpress.com/

  • MDEV-4989 Support for GTID in mysqlbinlog
  • student: Becca Tucker, mentors: Lixun Peng and Colin Charles

  • MDEV-9711 NO PAD collations
  • student: Daniil Medvedev, mentor: Alexander Barkov

  • MDEV-9197 Pushdown conditions into non-mergeable views/derived tables
  • student: Galina Shalygina, mentors: Igor Babaev and Sergey Petrunia
    blog: http://gsocmariadbshagalla.blogspot.ru/

  • MDEV-371 Unique indexes for blobs (server-side implementation) and adaptive hashing for generated hash
  • student: Sachin Setiya, mentor: Sergei Golubchik

  • MDEV-371 Unique indexes for blobs (in MyISAM, Aria, InnoDB, and XtraDB)
  • student: Shubham Barai, mentors: Jan Lindström and Sergei Golubchik

For the MariaDB Connector/C:

For the MariaDB MaxScale:

For the Master High Availability Manager for MySQL:

Many projects have two mentors to ensure that the student always gets a quick answer to his questions and someone is always available to help even if one of the mentors is, for example, on vacations. Read more

The State of SSL in MariaDB

Usually when one says “SSL” or “TLS” it means not a specific protocol but a family of protocols. Wikipedia article has the details, but in short — SSL 2.0 and SSL 3.0 are deprecated and should not be used anymore (the well-known POODLE vulnerability exploits the flaw in SSL 3.0). TLS 1.0 is sixteen years old and while it’s still being used, new security standards (for example PCI DSS v3.1) require TLS 1.1 or, preferably, TLS 1.2.

MySQL used to support TLS 1.0 since 2001. Which means MariaDB supported it from the day one, and never supported weaker SSL 2.0 or SSL 3.0. Read more

MariaDB 10.1.1: triggers for RBR

Sometimes users ask for something that doesn’t really make sense. On the first glance. But then you start asking and realize that the user was right, you were wrong, and it is, actually, a perfectly logical and valid use case.

I’ve had one of these moments when I’ve heard about a request of making triggers to work on the slave in the row-based replication. Like, really? In RBR all changes made by triggers are replicated from the master to slaves as row events. If triggers would be fired on the slave they would do their changes twice. And anyway, assuming that one only has triggers one the slave (why?) in statement-based replication triggers would run on the slave normally, wouldn’t they? Read more

MariaDB 10.1.1: engine_condition_pushdown flag deprecated

Let me start with a little story. You sit in your house near the fireplace in the living room and need a book from the library… Eh, no, sorry, wrong century. You’re building a robotic arm that will open your beer or brew your coffee or supply you with whatever other drinks of your choice… while you’ll be building the next robotic arm. So, you — soldering iron in one hand and Arduino in another — ask your little brother to bring a box with specific resistors (that you unexpectedly run out of) from the cellar. The problem — your brother is small and cannot tell a resistor from a respirator. Read more