Ensuring continuity and open collaboration

Posts tagged security

The State of SSL in MariaDB

Usually when one says “SSL” or “TLS” it means not a specific protocol but a family of protocols. Wikipedia article has the details, but in short — SSL 2.0 and SSL 3.0 are deprecated and should not be used anymore (the well-known POODLE vulnerability exploits the flaw in SSL 3.0). TLS 1.0 is sixteen years […]

READ MORE

Information on the SSL connection vulnerability of MySQL and MariaDB

Last  week, a SSL connection security vulnerability was reported for MySQL and MariaDB. The vulnerability states that since MariaDB and MySQL do not enforce SSL when SSL support is enabled, it’s possible to launch Man In The Middle attacks (MITM). MITM attacks can capture the secure connection and turn it into an insecure one, revealing […]

READ MORE

Unbreakable MySQL?

I’m getting more and more concerned about the current Oracle approach to MySQL security. And the fact that I was solely responsible for the security@mysql.com for about ten years, doesn’t make it easier, on the contrary, it only emphasizes changes in the attitude. Starting from the obvious — somewhat slower response to critical bug fixes, […]

READ MORE

MariaDB: Improve Security with Two-Step Verification

In this primer I will show how to improve the security of your MariaDB installation by using two-step verification and how to use it from your Windows GUI client. Let’s suppose you have your data in MariaDB, installed, say, on Ubuntu. And your users connect to it to run ad hoc queries, using some sort […]

READ MORE

Sponsors

MariaDB Foundation sponsors

Tweets by @mariadb

Code statistics