Posts

Showing posts from January, 2015

MySQL meetup in Amsterdam on January 15

The next meetup of the MySQL User Group NL is in Amsterdam in one of the offices of Booking.com.

Schedule:
• 18:30 - 19:00: Welcome
• 19:00 - 19:30: Easy Replication Hierarchy Management with Pseudo-GTID (by Shlomi Noach)
• 19:30 - 20:00: Food & Discussion
• 20:00 - 20:30: Entry level Sphinx Search (by Art van Scheppingen)
• 20:30 - 22:00: Discussion & Drinks

For more information and to RSVP you can visit the event page on the MySQL User Group NL website

Different SSL setups for MySQL

In this blog post I will describe different ways of using SSL with the MySQL database server.

What does SSL give you?

You might use MySQL replication over the internet or connect to MySQL over the internet. Another possibility is that you connect over an enterprise network to which just too many people have access. This is especially an issue if you use a BYOD network. SSL helps here by encrypting the network traffic to protect against eavesdropping. It also validates that you're talking to the correct server, which prevents man-in-the-middle attacks. And you can also use SSL client certificates together with a password as two-factor authentication. SSL is not the only option: you could use SSH, and many MySQL GUI clients like MySQL Workbench support this. But you can't easily use SSH with a Python script or mysqldump.

Things that could go wrong

Using SSL is almost always better than not using SSL at all. So there is not much you could do wrong. But there are a few things t...

Using a CRL with MySQL

So assume you just uploaded the certificate you use to identify yourself to the MySQL server to GitHub or some other place it doesn't belong... and there is no undelete.

First: Don't panic. Often a password is required besides a certificate to connect to the server. So someone with the certificate can't use it without the password. The certificate itself might be protected by a password, but that's really rare. Also, access to MySQL and/or your account should be limited to certain IPs.

The next step is to revoke the certificate. This is possible since MySQL 5.6.3 by using a Certificate Revocation List (CRL). A CRL is a list of the serials of the revoked certificates, signed by the CA. So this will only work if the certificates have unique serials.

To get the serial of a certificate with OpenSSL:

    $ openssl x509 -in client-cert.pem -noout -text | grep 'Serial Number'
    Serial Number: 3 (0x3)

To get the serial of a certificate with GnuTLS: $ ce...