Screencast: Installing MariaDB

Instead of the usual text-heavy blog posts that appear here, I thought it would be fun to mix things up and do a screencast showing exactly how easy it is to upgrade MySQL to MariaDB:

Some notes:

  • The laptop I’m using had MySQL 5.1.55 installed with one database (apart from the system database). Installing MariaDB does not impact existing data in any way and once the install completed I had instant access to my data.
  • As part of the install you are given the option to set a new password for the root user. I chose to do it in the video, but you don’t need to. If you leave the password field blank the root password will not be changed. Other database users are preserved, of course.
  • As with any database upgrade, before doing this to a production system you should have backups and test.

Links:

Links shown or mentioned in the video:

Comments?

What do you think? Should we make more screencasts? If so, what would you like to see demonstrated?

Oracle’s 27 MySQL security fixes and MariaDB

The MySQL community has something new on their radar. First up, it looks like MySQL is now part of Oracle Software Security Assurance, and this is something all MySQL users should be happy about. Next, it is worth noting that MySQL is now part of the Oracle Critical Patch Update (Oracle CPU), as the MySQL product line has made it into its first Oracle CPU advisory for January 2012.

CPUs are new to us in the MySQL community; they are released on the Tuesday closest to the 17th day of January, April, July and October. This kind of reminds us of Patch Tuesday, but let’s not digress.

This is the first time MySQL is part of the Critical Patch Update, and the advisory suggests that there are 27 new security fixes for Oracle MySQL, with one of the vulnerabilities having the possibility of remote exploitation without authentication. As developers of a MySQL branch we are naturally concerned about the nature of these CPUs.

For starters, it’s good to note that MariaDB is always based on a branch of MySQL (MySQL 5.1 for MariaDB 5.1, 5.2 & 5.3, and MySQL 5.5 for MariaDB 5.5). So whenever Oracle makes security fixes to MySQL 5.1 or MySQL 5.5, we inherit them. This is one of the benefits of being a branch as opposed to being a fork.

“Oracle advisories include all issues that appeared since the last advisory. But this is the first advisory for MySQL. So either Oracle found 27 new problems since October 2011 or this includes everything that’s been outstanding,” said Sergei Golubchik, VP of Architecture for MariaDB and former MySQL security contact, when I asked him about the 27 security fixes.

Upon looking up all the CVE numbers, the reports were vague, like “Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.” Additionally, the reports do not reference bug numbers, so from a bit of guesswork, we might assume that this commit is possibly the fix for the most serious vulnerability — the one that can be remotely exploited without authentication. That bug, incidentally, was fixed in May 2011, and has long been present in both MySQL and MariaDB (though our implementation varies from upstream).

We notice most CVEs being reported in January 2012, but have no idea when they were reported to the Oracle bug database (or to bugs.mysql.com), or when they were fixed. We believe that this is perhaps Oracle including MySQL into their Software Security Assurance program, which is what triggered all security bugs to be reported on cve.mitre.org, all on the same day.

Whether these 27 fixes are new or existing ones now being bundled up and reported in a Critical Patch Update remains open until more accurate information on what bugs they address is provided. We’re actively working on finding out the answer.

MariaDB: Improve Security with Two-Step Verification

In this primer I will show how to improve the security of your MariaDB installation by using two-step verification and how to use it from your Windows GUI client.

Let’s suppose you have your data in MariaDB, installed, say, on Ubuntu. Your users connect to it to run ad hoc queries, using some sort of Windows GUI client. You don’t want them to write the access password on post-it notes or have it auto-entered by the client. And you don’t want anyone to see the password when one of the salespersons connects to the mother ship from his laptop in the Internet café. So you decide to use two-step verification, just like Google does, to secure access to the data.

Wrapping up MariaDB 2011

Parts of the world are already celebrating Christmas Eve and it’s time to relax and spend time with family and friends. Even if you don’t celebrate Christmas this is when there is time for less work. Here are a few words to round off MariaDB’s current state and where it’s heading.

This year culminated in MariaDB 5.3.3, the release candidate of 5.3. This is a significant release that makes years of work available by default in the database server. Earlier releases still required features to be explicitly switched on, but thanks to thorough testing assuring the quality of the new functionality we have now enabled them. It’s still called a release candidate which means it’s ready for general usage, but we want more user feedback before calling it stable. Make yourself familiar with the MariaDB 5.3.3 release notes.

Most of the new features and functionality in 5.3.3 are performance related, suddenly making it possible to, for example, make use of subqueries, which have previously been a rare sight in MySQL® based applications due to the limitations that have existed. This is now addressed in MariaDB and we encourage you to start using subqueries. You will actually get a result to your query in a reasonable time.

Another nice addition in 5.3.3 is the new GIS (Geographic Information System) functionality. MariaDB introduces spatial functionality in accordance with the OpenGIS specification. If you have the need for GIS functionality in your application try MariaDB.

We had some challenges with the packaging of the authentication plugins and our release schedule was affected. Watch out for MariaDB 5.2.11 and MariaDB 5.5 in early 2012.

During 2011 we saw a huge increase in MariaDB popularity. We saw MariaDB being selected as the database for really critical systems (stay tuned for case studies of some of these systems). We saw some of the biggest IT companies making initial bets on MariaDB. A better basis for MariaDB’s 2012 couldn’t exist!

Thank You and Happy Holidays!

Announcing new features in MariaDB

We have lately been talking about some upcoming features that we feel are important to MariaDB users, because the corresponding ones that will be provided with MySQL will be incompatible with MariaDB and closed source.

We’re happy to announce the following:

  • The next version of MariaDB, version 5.2.10, will include an open source PAM Authentication Plugin. MariaDB 5.2.10 is scheduled for release next week.
  • A Windows Authentication Plugin is currently in development and QA and will be part of MariaDB 5.2.11, which is scheduled for release before Christmas.
  • MariaDB 5.5 will include both of the above plugins and an open source thread pool implementation. The soon-to-be-launched first version however will not include the thread pool.

Stay tuned for more information as soon as we start launching the above features.

Operators of mission critical services relying on MariaDB should be aware that SkySQL has familiarized itself with the new features and is ready to support all of the above options.