SlideShare a Scribd company logo

2016 oSC MySQL Firewall

Download as PPTX, PDF
Georgi Kodinov
Georgi Kodinov

MySQL Firewall is an application level firewall filter that intercepts incoming queries and validates them against a database of normalized "safe" queries. As an integral part of the server it takes advantage of the parsing and normalization that is done anyway so it has minimal impact on normal operations. The firewall has multiple modes. In learning mode it collects the incoming query normalization in a scratchpad that can be persisted to disk. In alert mode it will just alert the DBA for an unknown query but still let it pass. And in protecting mode it will reject all unknown queries. The firewall can be used to limit SQL injection or as a complement to the privilege system to support only particular front end applications. We will go through all of the stages of installing, training and arming the MySQL firewall with understandable examples.

Software
1 of 27
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Add an extra layer of security to your database server Georgi “Joro” Kodinov MySQL Server General Team Lead
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Georgi “Joro” Kodinov MySQL @ Oracle  Server General Team Lead  Works on MySQL since 2006  Specializes in:  Security  Client/server protocol  Monitoring  Loves history, diverse world cultures  A devoted Formula 1 fan (Go, Massa !)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Agenda 3 Why a MySQL Firewall ? Firewall Architecture Installation and setup Operation Q&A
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Why a MySQL Firewall ? 4
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Simple ! Make SQL injection attacks harder ! 5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | “And it wouldn’t be a proper DBIR if we didn’t raise a glass to one of the elder statesmen of web application hacking, SQL injection (SQLi)” – http://www.verizonenterprise.com/verizon-insights- lab/dbir/2016/ 6
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Why a MySQL Firewall ? • Better SQL applications security – User accounts can execute only application SQL • Defense in dept – Extra layer, works with the other methods • Minimum performance cost – Takes advantage of the server’s SQL processor • No need for application changes – Works inside the server 7 Other reasons
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Exploits of a Mom 8 https://xkcd.com/327/
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Architecture 9
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall 10 Anatomy Firewall Plugin SELECT ?+? USE ? Engine • Compares incoming queries with the allowed list • Works on normalized statements • Multiple modes • Audit API plugin Statements Cache • Entirely in memory • Initialized from disk • Content visible through INFORMATION_SCHEMA
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Server MySQL Firewall 11 Operation SELECT 1+2 SELECT 1+2 SELECT 1+2 OR ..Deny Firewall Plugin SELECT ?+? USE ?
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Operation Diagram 12
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Installing The MySQL Firewall 13
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 14
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Installing the MySQL Firewall $ mysql -u root -p mysql < linux_install_firewall.sql mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode'; +---------------------+-------+ | Variable_name | Value | +---------------------+-------+ | mysql_firewall_mode | ON | +---------------------+-------+ 15 The command line version
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Operating the MySQL Firewall Case study: adding firewall protection to a WordPress installation 16
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | • Stock WordPress on apache2 • Uses the default wordpress@localhost MySQL account • Runs against a local MySQL server • MySQL server seeded with a user and a schema for WordPress • WordPress installation done with defaults 17 Step 1: Install WordPress
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 2: Put the Firewall Into Recording Mode • Command Line – $mysql -u root -p –e "CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'RECORDING');“ • Workbench 18
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 3: Accumulate White List Actions • The non-trivial part ! • Click through all of the WordPress sequences that you want to be enabled – This will generate the queries • I have only clicked through saving a draft of a post 19
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 4: Inspect The Accumulated Rules 20
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 5: Shields Up ! Switch To Protecting Mode mysql> CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'PROTECTING'); Query OK, 63 rows affected (0,00 sec) 21
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 6: Watch The Show ! mysql> show status like '%firewall%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Firewall_access_denied | 50 | | Firewall_access_granted | 664 | | Firewall_access_suspicious | 0 | | Firewall_cached_entries | 63 | +----------------------------+-------+ 4 rows in set (0,01 sec) mysql> show status like '%firewall%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Firewall_access_denied | 57 | | Firewall_access_granted | 706 | | Firewall_access_suspicious | 0 | | Firewall_cached_entries | 63 | +----------------------------+-------+ 4 rows in set (0,00 sec) mysql> show status like '%firewall%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Firewall_access_denied | 67 | | Firewall_access_granted | 782 | | Firewall_access_suspicious | 0 | | Firewall_cached_entries | 63 | +----------------------------+-------+ 4 rows in set (0,00 sec) 22
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | What Does the Application Get ? • $ client/mysql -u wordpress --protocol=tcp -p -e "select version()“ ERROR 1045 (28000) at line 1: Statement was blocked by Firewall • [Mon Jun 20 13:23:00.091246 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user- new.php • [Mon Jun 20 13:23:00.094753 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, wp_insert_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php 23
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Operation: What Else ? • Can log suspicious queries (not in the whitelist) instead of/in addition to blocking • The mysql.mysql_firewall_* tables are not special tables. – It’s just that the firewall reads them at installation time – And the stored programs write the INFORMATION_SCHEMA tables into them • Can reset the stats – mysql_firewall_flush_status() resets the status variables • Can manipulate rule-sets – Aggregate, prune, edit etc 24
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Questions And Answers Confidential – Oracle 25
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Confidential – Oracle 26
2016 oSC MySQL Firewall

Recommended

BGOUG 2014 Decrease Your MySQL Attack Surface
BGOUG 2014 Decrease Your MySQL Attack SurfaceBGOUG 2014 Decrease Your MySQL Attack Surface
BGOUG 2014 Decrease Your MySQL Attack SurfaceGeorgi Kodinov
 
Fosdem17 honeypot your database server
Fosdem17 honeypot your database serverFosdem17 honeypot your database server
Fosdem17 honeypot your database serverGeorgi Kodinov
 
OUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLOUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLGeorgi Kodinov
 
The MySQL SYS Schema
The MySQL SYS SchemaThe MySQL SYS Schema
The MySQL SYS SchemaMark Leith
 
OUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeOUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov
 
Introduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorIntroduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorMark Leith
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep diveMark Leith
 
Oracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOsama Mustafa
 

Recommended

BGOUG 2014 Decrease Your MySQL Attack Surface
BGOUG 2014 Decrease Your MySQL Attack SurfaceBGOUG 2014 Decrease Your MySQL Attack Surface
BGOUG 2014 Decrease Your MySQL Attack SurfaceGeorgi Kodinov
 
Fosdem17 honeypot your database server
Fosdem17 honeypot your database serverFosdem17 honeypot your database server
Fosdem17 honeypot your database serverGeorgi Kodinov
 
OUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLOUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLGeorgi Kodinov
 
The MySQL SYS Schema
The MySQL SYS SchemaThe MySQL SYS Schema
The MySQL SYS SchemaMark Leith
 
OUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeOUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov
 
Introduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorIntroduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorMark Leith
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep diveMark Leith
 
Oracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOsama Mustafa
 
Performance schema and sys schema
Performance schema and sys schemaPerformance schema and sys schema
Performance schema and sys schemaMark Leith
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Osama Mustafa
 
MySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMark Leith
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep diveMark Leith
 
Hardening Apache Web Server by Aswin
Hardening Apache Web Server by AswinHardening Apache Web Server by Aswin
Hardening Apache Web Server by AswinAgate Studio
 
12c on RHEL7
12c on RHEL712c on RHEL7
12c on RHEL7Osama Mustafa
 
Weblogic 12c installation (oracle linux)
Weblogic 12c installation (oracle linux)Weblogic 12c installation (oracle linux)
Weblogic 12c installation (oracle linux)Osama Mustafa
 
MySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMario Beck
 
How to add storage to esxi 5.5
How to add storage to esxi 5.5How to add storage to esxi 5.5
How to add storage to esxi 5.5Osama Mustafa
 
Mysql tech day_paris_ps_and_sys
Mysql tech day_paris_ps_and_sysMysql tech day_paris_ps_and_sys
Mysql tech day_paris_ps_and_sysMark Leith
 
J2ee user managment using dwh builder
J2ee user managment using dwh builderJ2ee user managment using dwh builder
J2ee user managment using dwh builderOsama Mustafa
 
Instrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaInstrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaMark Leith
 
Performance schema and_ps_helper
Performance schema and_ps_helperPerformance schema and_ps_helper
Performance schema and_ps_helperMark Leith
 
Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Mark Leith
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaOsama Mustafa
 
Oam install & config
Oam install & configOam install & config
Oam install & configVigilant Technologies
 
Oracle to MySQL DatabaseLink
Oracle to MySQL DatabaseLinkOracle to MySQL DatabaseLink
Oracle to MySQL DatabaseLinkOsama Mustafa
 
Oracle autovue
Oracle autovueOracle autovue
Oracle autovueOsama Mustafa
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAsMark Leith
 
Oracle Failover Database Cluster with Grid Infrastructure 12c
Oracle Failover Database Cluster with Grid Infrastructure 12cOracle Failover Database Cluster with Grid Infrastructure 12c
Oracle Failover Database Cluster with Grid Infrastructure 12cTrivadis
 
MySQL Group Replication - an Overview
MySQL Group Replication - an OverviewMySQL Group Replication - an Overview
MySQL Group Replication - an OverviewMatt Lord
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 

More Related Content

What's hot

Performance schema and sys schema
Performance schema and sys schemaPerformance schema and sys schema
Performance schema and sys schemaMark Leith
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Osama Mustafa
 
MySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMark Leith
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep diveMark Leith
 
Hardening Apache Web Server by Aswin
Hardening Apache Web Server by AswinHardening Apache Web Server by Aswin
Hardening Apache Web Server by AswinAgate Studio
 
Weblogic 12c installation (oracle linux)
Weblogic 12c installation (oracle linux)Weblogic 12c installation (oracle linux)
Weblogic 12c installation (oracle linux)Osama Mustafa
 
MySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMario Beck
 
How to add storage to esxi 5.5
How to add storage to esxi 5.5How to add storage to esxi 5.5
How to add storage to esxi 5.5Osama Mustafa
 
Mysql tech day_paris_ps_and_sys
Mysql tech day_paris_ps_and_sysMysql tech day_paris_ps_and_sys
Mysql tech day_paris_ps_and_sysMark Leith
 
J2ee user managment using dwh builder
J2ee user managment using dwh builderJ2ee user managment using dwh builder
J2ee user managment using dwh builderOsama Mustafa
 
Instrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaInstrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaMark Leith
 
Performance schema and_ps_helper
Performance schema and_ps_helperPerformance schema and_ps_helper
Performance schema and_ps_helperMark Leith
 
Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Mark Leith
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaOsama Mustafa
 
Oracle to MySQL DatabaseLink
Oracle to MySQL DatabaseLinkOracle to MySQL DatabaseLink
Oracle to MySQL DatabaseLinkOsama Mustafa
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAsMark Leith
 
Oracle Failover Database Cluster with Grid Infrastructure 12c
Oracle Failover Database Cluster with Grid Infrastructure 12cOracle Failover Database Cluster with Grid Infrastructure 12c
Oracle Failover Database Cluster with Grid Infrastructure 12cTrivadis
 

What's hot (20)

Performance schema and sys schema
Performance schema and sys schemaPerformance schema and sys schema
Performance schema and sys schema
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2
 
MySQL Monitoring Mechanisms
MySQL Monitoring MechanismsMySQL Monitoring Mechanisms
MySQL Monitoring Mechanisms
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep dive
 
Hardening Apache Web Server by Aswin
Hardening Apache Web Server by AswinHardening Apache Web Server by Aswin
Hardening Apache Web Server by Aswin
 
12c on RHEL7
12c on RHEL712c on RHEL7
12c on RHEL7
 
Weblogic 12c installation (oracle linux)
Weblogic 12c installation (oracle linux)Weblogic 12c installation (oracle linux)
Weblogic 12c installation (oracle linux)
 
MySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench IntegrationMySQL's Performance Schema, SYS Schema and Workbench Integration
MySQL's Performance Schema, SYS Schema and Workbench Integration
 
How to add storage to esxi 5.5
How to add storage to esxi 5.5How to add storage to esxi 5.5
How to add storage to esxi 5.5
 
Mysql tech day_paris_ps_and_sys
Mysql tech day_paris_ps_and_sysMysql tech day_paris_ps_and_sys
Mysql tech day_paris_ps_and_sys
 
J2ee user managment using dwh builder
J2ee user managment using dwh builderJ2ee user managment using dwh builder
J2ee user managment using dwh builder
 
Instrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaInstrumenting plugins for Performance Schema
Instrumenting plugins for Performance Schema
 
Performance schema and_ps_helper
Performance schema and_ps_helperPerformance schema and_ps_helper
Performance schema and_ps_helper
 
Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7Performance Schema and Sys Schema in MySQL 5.7
Performance Schema and Sys Schema in MySQL 5.7
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafa
 
Oam install & config
Oam install & configOam install & config
Oam install & config
 
Oracle to MySQL DatabaseLink
Oracle to MySQL DatabaseLinkOracle to MySQL DatabaseLink
Oracle to MySQL DatabaseLink
 
Oracle autovue
Oracle autovueOracle autovue
Oracle autovue
 
MySQL for Oracle DBAs
MySQL for Oracle DBAsMySQL for Oracle DBAs
MySQL for Oracle DBAs
 
Oracle Failover Database Cluster with Grid Infrastructure 12c
Oracle Failover Database Cluster with Grid Infrastructure 12cOracle Failover Database Cluster with Grid Infrastructure 12c
Oracle Failover Database Cluster with Grid Infrastructure 12c
 

Similar to 2016 oSC MySQL Firewall

MySQL Group Replication - an Overview
MySQL Group Replication - an OverviewMySQL Group Replication - an Overview
MySQL Group Replication - an OverviewMatt Lord
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 
20161029 py con-mysq-lv3
20161029 py con-mysq-lv320161029 py con-mysq-lv3
20161029 py con-mysq-lv3Ivan Ma
 
Solving Performance Problems Using MySQL Enterprise Monitor
Solving Performance Problems Using MySQL Enterprise MonitorSolving Performance Problems Using MySQL Enterprise Monitor
Solving Performance Problems Using MySQL Enterprise MonitorOracleMySQL
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise MonitorMario Beck
 
MySQL High Availability with Group Replication
MySQL High Availability with Group ReplicationMySQL High Availability with Group Replication
MySQL High Availability with Group ReplicationNuno Carvalho
 
MySQL Shell - The Best MySQL DBA Tool
MySQL Shell - The Best MySQL DBA ToolMySQL Shell - The Best MySQL DBA Tool
MySQL Shell - The Best MySQL DBA ToolMiguel Araújo
 
20160821 coscup-my sql57docstorelab01
20160821 coscup-my sql57docstorelab0120160821 coscup-my sql57docstorelab01
20160821 coscup-my sql57docstorelab01Ivan Ma
 
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...Geir Høydalsvik
 
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...GeneXus
 
Upgrading to my sql 8.0
Upgrading to my sql 8.0Upgrading to my sql 8.0
Upgrading to my sql 8.0Ståle Deraas
 
MySQL 8.0 InnoDB Cluster demo
MySQL 8.0 InnoDB Cluster demoMySQL 8.0 InnoDB Cluster demo
MySQL 8.0 InnoDB Cluster demoKeith Hollman
 
MySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMiguel Araújo
 
Basic MySQL Troubleshooting for Oracle DBAs
Basic MySQL Troubleshooting for Oracle DBAsBasic MySQL Troubleshooting for Oracle DBAs
Basic MySQL Troubleshooting for Oracle DBAsSveta Smirnova
 
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise MonitorNetherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise MonitorMark Swarbrick
 
Automatic upgrade and new error logging in my sql 8.0
Automatic upgrade and new error logging in my sql 8.0Automatic upgrade and new error logging in my sql 8.0
Automatic upgrade and new error logging in my sql 8.0Ståle Deraas
 
MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!
MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!
MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!Miguel Araújo
 
MySQL Cloud Service
MySQL Cloud ServiceMySQL Cloud Service
MySQL Cloud ServiceMario Beck
 
MySQL Security and Standardization at PayPal - Percona Live 2019
MySQL Security and Standardization at PayPal - Percona Live 2019MySQL Security and Standardization at PayPal - Percona Live 2019
MySQL Security and Standardization at PayPal - Percona Live 2019Yashada Jadhav
 

Similar to 2016 oSC MySQL Firewall (20)

MySQL Group Replication - an Overview
MySQL Group Replication - an OverviewMySQL Group Replication - an Overview
MySQL Group Replication - an Overview
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
20161029 py con-mysq-lv3
20161029 py con-mysq-lv320161029 py con-mysq-lv3
20161029 py con-mysq-lv3
 
Solving Performance Problems Using MySQL Enterprise Monitor
Solving Performance Problems Using MySQL Enterprise MonitorSolving Performance Problems Using MySQL Enterprise Monitor
Solving Performance Problems Using MySQL Enterprise Monitor
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
 
MySQL High Availability with Group Replication
MySQL High Availability with Group ReplicationMySQL High Availability with Group Replication
MySQL High Availability with Group Replication
 
MySQL Shell - The Best MySQL DBA Tool
MySQL Shell - The Best MySQL DBA ToolMySQL Shell - The Best MySQL DBA Tool
MySQL Shell - The Best MySQL DBA Tool
 
20160821 coscup-my sql57docstorelab01
20160821 coscup-my sql57docstorelab0120160821 coscup-my sql57docstorelab01
20160821 coscup-my sql57docstorelab01
 
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
 
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
MySQL 20 años: pasado, presente y futuro; conoce las nuevas características d...
 
Upgrading to my sql 8.0
Upgrading to my sql 8.0Upgrading to my sql 8.0
Upgrading to my sql 8.0
 
MySQL 8.0 InnoDB Cluster demo
MySQL 8.0 InnoDB Cluster demoMySQL 8.0 InnoDB Cluster demo
MySQL 8.0 InnoDB Cluster demo
 
MySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB ClustersMySQL 8 High Availability with InnoDB Clusters
MySQL 8 High Availability with InnoDB Clusters
 
Basic MySQL Troubleshooting for Oracle DBAs
Basic MySQL Troubleshooting for Oracle DBAsBasic MySQL Troubleshooting for Oracle DBAs
Basic MySQL Troubleshooting for Oracle DBAs
 
My sql 5.6&MySQL Cluster 7.3
My sql 5.6&MySQL Cluster 7.3My sql 5.6&MySQL Cluster 7.3
My sql 5.6&MySQL Cluster 7.3
 
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise MonitorNetherlands Tech Tour - 06 MySQL Enterprise Monitor
Netherlands Tech Tour - 06 MySQL Enterprise Monitor
 
Automatic upgrade and new error logging in my sql 8.0
Automatic upgrade and new error logging in my sql 8.0Automatic upgrade and new error logging in my sql 8.0
Automatic upgrade and new error logging in my sql 8.0
 
MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!
MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!
MySQL Shell/AdminAPI - MySQL Architectures Made Easy For All!
 
MySQL Cloud Service
MySQL Cloud ServiceMySQL Cloud Service
MySQL Cloud Service
 
MySQL Security and Standardization at PayPal - Percona Live 2019
MySQL Security and Standardization at PayPal - Percona Live 2019MySQL Security and Standardization at PayPal - Percona Live 2019
MySQL Security and Standardization at PayPal - Percona Live 2019
 

More from Georgi Kodinov

2023 TurnovoConf MySQL Authentication.pptx
2023 TurnovoConf MySQL Authentication.pptx2023 TurnovoConf MySQL Authentication.pptx
2023 TurnovoConf MySQL Authentication.pptxGeorgi Kodinov
 
2022 TurnovoConf MySQL за начинаещи.pptx
2022 TurnovoConf MySQL за начинаещи.pptx2022 TurnovoConf MySQL за начинаещи.pptx
2022 TurnovoConf MySQL за начинаещи.pptxGeorgi Kodinov
 
OpenSUSE Conf 2020 MySQL Clone
OpenSUSE Conf 2020 MySQL CloneOpenSUSE Conf 2020 MySQL Clone
OpenSUSE Conf 2020 MySQL CloneGeorgi Kodinov
 
2020 pre fosdem mysql clone
2020 pre fosdem mysql clone2020 pre fosdem mysql clone
2020 pre fosdem mysql cloneGeorgi Kodinov
 
2019 BGOUG Autumn MySQL Clone
2019 BGOUG Autumn MySQL Clone2019 BGOUG Autumn MySQL Clone
2019 BGOUG Autumn MySQL CloneGeorgi Kodinov
 
2019 indit blackhat_honeypot your database server
2019 indit blackhat_honeypot your database server2019 indit blackhat_honeypot your database server
2019 indit blackhat_honeypot your database serverGeorgi Kodinov
 
PLe19 How To Instrument Your Code in performance_schema
PLe19 How To Instrument Your Code in performance_schemaPLe19 How To Instrument Your Code in performance_schema
PLe19 How To Instrument Your Code in performance_schemaGeorgi Kodinov
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityDevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityGeorgi Kodinov
 
DevTalks.ro 2019 MySQL Data Masking Talk
DevTalks.ro 2019 MySQL Data Masking TalkDevTalks.ro 2019 MySQL Data Masking Talk
DevTalks.ro 2019 MySQL Data Masking TalkGeorgi Kodinov
 
FOSDEM19 MySQL Component Infrastructure
FOSDEM19 MySQL Component InfrastructureFOSDEM19 MySQL Component Infrastructure
FOSDEM19 MySQL Component InfrastructureGeorgi Kodinov
 
MySQL Enterprise Data Masking
MySQL Enterprise Data MaskingMySQL Enterprise Data Masking
MySQL Enterprise Data MaskingGeorgi Kodinov
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityGeorgi Kodinov
 
How to add stuff to MySQL
How to add stuff to MySQLHow to add stuff to MySQL
How to add stuff to MySQLGeorgi Kodinov
 
BGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLBGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLGeorgi Kodinov
 
Pl17: MySQL 8.0: security
Pl17: MySQL 8.0: securityPl17: MySQL 8.0: security
Pl17: MySQL 8.0: securityGeorgi Kodinov
 
Openfest15 MySQL Plugin Development
Openfest15 MySQL Plugin DevelopmentOpenfest15 MySQL Plugin Development
Openfest15 MySQL Plugin DevelopmentGeorgi Kodinov
 
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7Georgi Kodinov
 
BGOUG 2014: Developing Using MySQL
BGOUG 2014: Developing Using MySQLBGOUG 2014: Developing Using MySQL
BGOUG 2014: Developing Using MySQLGeorgi Kodinov
 

More from Georgi Kodinov (19)

2023 TurnovoConf MySQL Authentication.pptx
2023 TurnovoConf MySQL Authentication.pptx2023 TurnovoConf MySQL Authentication.pptx
2023 TurnovoConf MySQL Authentication.pptx
 
2022 TurnovoConf MySQL за начинаещи.pptx
2022 TurnovoConf MySQL за начинаещи.pptx2022 TurnovoConf MySQL за начинаещи.pptx
2022 TurnovoConf MySQL за начинаещи.pptx
 
OpenSUSE Conf 2020 MySQL Clone
OpenSUSE Conf 2020 MySQL CloneOpenSUSE Conf 2020 MySQL Clone
OpenSUSE Conf 2020 MySQL Clone
 
2020 pre fosdem mysql clone
2020 pre fosdem mysql clone2020 pre fosdem mysql clone
2020 pre fosdem mysql clone
 
2019 BGOUG Autumn MySQL Clone
2019 BGOUG Autumn MySQL Clone2019 BGOUG Autumn MySQL Clone
2019 BGOUG Autumn MySQL Clone
 
2019 indit blackhat_honeypot your database server
2019 indit blackhat_honeypot your database server2019 indit blackhat_honeypot your database server
2019 indit blackhat_honeypot your database server
 
PLe19 How To Instrument Your Code in performance_schema
PLe19 How To Instrument Your Code in performance_schemaPLe19 How To Instrument Your Code in performance_schema
PLe19 How To Instrument Your Code in performance_schema
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityDevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 Security
 
DevTalks.ro 2019 MySQL Data Masking Talk
DevTalks.ro 2019 MySQL Data Masking TalkDevTalks.ro 2019 MySQL Data Masking Talk
DevTalks.ro 2019 MySQL Data Masking Talk
 
FOSDEM19 MySQL Component Infrastructure
FOSDEM19 MySQL Component InfrastructureFOSDEM19 MySQL Component Infrastructure
FOSDEM19 MySQL Component Infrastructure
 
MySQL Enterprise Data Masking
MySQL Enterprise Data MaskingMySQL Enterprise Data Masking
MySQL Enterprise Data Masking
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 Security
 
How to add stuff to MySQL
How to add stuff to MySQLHow to add stuff to MySQL
How to add stuff to MySQL
 
Pl18 saving bandwidth
Pl18 saving bandwidthPl18 saving bandwidth
Pl18 saving bandwidth
 
BGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQLBGOUG17: Cloudy with a chance of MySQL
BGOUG17: Cloudy with a chance of MySQL
 
Pl17: MySQL 8.0: security
Pl17: MySQL 8.0: securityPl17: MySQL 8.0: security
Pl17: MySQL 8.0: security
 
Openfest15 MySQL Plugin Development
Openfest15 MySQL Plugin DevelopmentOpenfest15 MySQL Plugin Development
Openfest15 MySQL Plugin Development
 
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7
OpenSuse 2015: Secure Deployment Changes Coming in MySQL 5.7
 
BGOUG 2014: Developing Using MySQL
BGOUG 2014: Developing Using MySQLBGOUG 2014: Developing Using MySQL
BGOUG 2014: Developing Using MySQL
 

Recently uploaded

Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 

Recently uploaded (20)

Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 

2016 oSC MySQL Firewall

  • 1. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Add an extra layer of security to your database server Georgi “Joro” Kodinov MySQL Server General Team Lead
  • 2. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Georgi “Joro” Kodinov MySQL @ Oracle  Server General Team Lead  Works on MySQL since 2006  Specializes in:  Security  Client/server protocol  Monitoring  Loves history, diverse world cultures  A devoted Formula 1 fan (Go, Massa !)
  • 3. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Agenda 3 Why a MySQL Firewall ? Firewall Architecture Installation and setup Operation Q&A
  • 4. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Why a MySQL Firewall ? 4
  • 5. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Simple ! Make SQL injection attacks harder ! 5
  • 6. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | “And it wouldn’t be a proper DBIR if we didn’t raise a glass to one of the elder statesmen of web application hacking, SQL injection (SQLi)” – http://www.verizonenterprise.com/verizon-insights- lab/dbir/2016/ 6
  • 7. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Why a MySQL Firewall ? • Better SQL applications security – User accounts can execute only application SQL • Defense in dept – Extra layer, works with the other methods • Minimum performance cost – Takes advantage of the server’s SQL processor • No need for application changes – Works inside the server 7 Other reasons
  • 8. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Exploits of a Mom 8 https://xkcd.com/327/
  • 9. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Architecture 9
  • 10. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall 10 Anatomy Firewall Plugin SELECT ?+? USE ? Engine • Compares incoming queries with the allowed list • Works on normalized statements • Multiple modes • Audit API plugin Statements Cache • Entirely in memory • Initialized from disk • Content visible through INFORMATION_SCHEMA
  • 11. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Server MySQL Firewall 11 Operation SELECT 1+2 SELECT 1+2 SELECT 1+2 OR ..Deny Firewall Plugin SELECT ?+? USE ?
  • 12. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Operation Diagram 12
  • 13. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Installing The MySQL Firewall 13
  • 14. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 14
  • 15. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Installing the MySQL Firewall $ mysql -u root -p mysql < linux_install_firewall.sql mysql> SHOW GLOBAL VARIABLES LIKE 'mysql_firewall_mode'; +---------------------+-------+ | Variable_name | Value | +---------------------+-------+ | mysql_firewall_mode | ON | +---------------------+-------+ 15 The command line version
  • 16. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Operating the MySQL Firewall Case study: adding firewall protection to a WordPress installation 16
  • 17. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | • Stock WordPress on apache2 • Uses the default wordpress@localhost MySQL account • Runs against a local MySQL server • MySQL server seeded with a user and a schema for WordPress • WordPress installation done with defaults 17 Step 1: Install WordPress
  • 18. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 2: Put the Firewall Into Recording Mode • Command Line – $mysql -u root -p –e "CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'RECORDING');“ • Workbench 18
  • 19. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 3: Accumulate White List Actions • The non-trivial part ! • Click through all of the WordPress sequences that you want to be enabled – This will generate the queries • I have only clicked through saving a draft of a post 19
  • 20. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 4: Inspect The Accumulated Rules 20
  • 21. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 5: Shields Up ! Switch To Protecting Mode mysql> CALL mysql.sp_set_firewall_mode('wordpress@localhost', 'PROTECTING'); Query OK, 63 rows affected (0,00 sec) 21
  • 22. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Step 6: Watch The Show ! mysql> show status like '%firewall%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Firewall_access_denied | 50 | | Firewall_access_granted | 664 | | Firewall_access_suspicious | 0 | | Firewall_cached_entries | 63 | +----------------------------+-------+ 4 rows in set (0,01 sec) mysql> show status like '%firewall%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Firewall_access_denied | 57 | | Firewall_access_granted | 706 | | Firewall_access_suspicious | 0 | | Firewall_cached_entries | 63 | +----------------------------+-------+ 4 rows in set (0,00 sec) mysql> show status like '%firewall%'; +----------------------------+-------+ | Variable_name | Value | +----------------------------+-------+ | Firewall_access_denied | 67 | | Firewall_access_granted | 782 | | Firewall_access_suspicious | 0 | | Firewall_cached_entries | 63 | +----------------------------+-------+ 4 rows in set (0,00 sec) 22
  • 23. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | What Does the Application Get ? • $ client/mysql -u wordpress --protocol=tcp -p -e "select version()“ ERROR 1045 (28000) at line 1: Statement was blocked by Firewall • [Mon Jun 20 13:23:00.091246 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user- new.php • [Mon Jun 20 13:23:00.094753 2016] [:error] [pid 31596] [client 127.0.0.1:40226] WordPress database error Statement was blocked by Firewall for query SELECT * FROM wp_users WHERE user_email = 'test@test.com' made by edit_user, wp_insert_user, email_exists, get_user_by, WP_User::get_data_by, referer: http://localhost/blog/wp-admin/user-new.php 23
  • 24. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL Firewall Operation: What Else ? • Can log suspicious queries (not in the whitelist) instead of/in addition to blocking • The mysql.mysql_firewall_* tables are not special tables. – It’s just that the firewall reads them at installation time – And the stored programs write the INFORMATION_SCHEMA tables into them • Can reset the stats – mysql_firewall_flush_status() resets the status variables • Can manipulate rule-sets – Aggregate, prune, edit etc 24
  • 25. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Questions And Answers Confidential – Oracle 25
  • 26. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Confidential – Oracle 26

Editor's Notes

  1. Verizon’s 2016 Data Breach Investigations Report