Вторник II 11, 2014

MySQL Bulgarian users group ? Anybody interested ?

MySQL is widely used throughout the world. With users groups in many countries. In fact Oracle even tracks these on a wiki page.

Look at the map of Europe. See a pin missing ?

Would you be interested in filling it in ? Maybe we can gather and share MySQL related knowledge ? We do have some MySQL developers that are based in Bulgaria. And probably a lot of very advanced MySQL users too. All of us can benefit from talking to each other IMHO.

Please let me know if you'd be interested into gathering every now and then and talking MySQL. If there are people interested I'm sure we'll figure out the details.

EDIT : I've created a MySQL Bulgaria Meetup page.  Please feel free to sign up and start talking !

Вторник VIII 13, 2013

Speaking about security and 5.6 on MySQL Connect 13

I will be presenting on both MySQL Connect 2013 and on Oracle OpenWorld 2013. So if you happen to be attending the conferences please come and see what's new in MySQL 5.6 security and even play with it during the hands on lab I'll be doing.

I will be delivering a MySQL Connect talk : 

Session ID: CON1888
Session Title: MySQL 5.6 and Security: What’s New
Venue / Room: Hilton - Taylor
Date and Time: 9/22/13, 10:00 - 11:00

And a HandsOn Lab :  

Session ID: HOL9735
Session Title: MySQL Security Best Practices
Venue / Room: Hilton - Franciscan A/B
Date and Time: 9/22/13, 14:30 - 15:30

And my Oracle OpenWorld talk is :

Session ID: CON2255
Session Title: Quick Dive into MySQL
No Date/Time atm 

Четвъртък IV 18, 2013

Come talk and listen about MySQL if you're from/near Bulgaria in May

The Bulgarian Oracle Users Group is holding its spring conference on 17-19 May. I'll be speaking about MySQL 5.6 and MySQL security on it.

There's still time to register (registration ends on 7 May). And the venue is great during this time of the year !

Петък IX 21, 2012

My talks at MySQL Connect and Oracle OpenWorld 2012

Details about my two talks @ MySQL Connect and Oracle OpenWorld 2012. [Read More]

Понеделник IX 12, 2011

I'm speaking about pluggable authentication at Oracle Open World

If you're attending the Oracle Open World 11, come hear me talking about pluggable authentication and developments around it (and if you're not attending here's one more good reason why you should :) ).

The current what/when/where for my talk are :

Session ID19181
Session TitleMySQL Authentication Options
Venue / RoomMarriott Marquis - Golden Gate B
Date and Time10/3/11, 11:00

There's also a MySQL community reception were you'll find most of the mysql experts attending Oracle OpenWorld. MySQL meetings are fun :)

And if you miss this, there's always the MySQL demo booth @ the exhibition floor that will be packed with MySQL experts.

Понеделник V 09, 2011

MySQL 5.5: Pluggable Authentication API: Interview with Georgi "Joro" Kodinov

I've got interviewed on authentication API :) Read all about it here

Понеделник I 03, 2011

MySQL 5.5 brings in new ways to authenticate users

Ever wanted to use your server's OS for authenticating MySQL users ? Or the corporate LDAP repository ?
Unfortunately options like the above are plentiful nowadays. And providing hard-coded support for protocol X or service Y is not the best possible idea.
MySQL 5.5 has taken the step into the right direction by providing an infrastructure allowing one to make the server understand different authentication protocols by creating a set of simple plugins (one for the client and one for the server).
So now you can easily extend MySQL to search for and authenticate users in your favorite user directory.
In fact the API supplied is so versatile that we took the possibility to re-design the current "native" authentication mechanism into a built-in always-on plugin !
OK, let me give you an example:
Imagine we have a bunch of users defined in your OS, e.g. we have a user joro with his respective password. And we have a MySQL instance running on the same computer.
It would not be unexpected to need to let joro access and/or modify MySQL data.
The first step is to define him as a MySQL user. And there's a problem right there : MySQL's
CREATE USER joro@localhost IDENTIFIED BY 'joros_password'
statement needs a password. And this is a password in no way related to the password that joro have set up in the OS. What's worse : if joro changes his OS password this will in no way be reflected in MySQL. So he'll need to change his MySQL password in a separate step. Not very convenient, specially when you have a lot of users.
This is a laborious setup for joro's DBA as well : he'll have to disable his access in both MySQL and the OS should he decides that joro's out of the "nice" list.
Now mysql 5.5 to the rescue:
Imagine that the smart DBA has created a MySQL server plugin that will check if the name of the user logging in is a valid and enabled OS name and if the password supplied to the mysql client matches the OS and has called this plugin 'auth_os'.
Now all that's left to do is to define joro as a MySQL user that will be authenticated externally.
This is done by the following command :
CREATE USER 'joro'@'localhost' IDENTIFIED WITH 'auth_os';
Now joro can login to MySQL using his current OS password.
Note : joro is still a valid MySQL user, so you can grant privileges to him just like you would for all other users. What's better: you can have users that authenticate using different mechanisms in the same server. So you can e.g. safely experiment with external authentication for selected users while keeping your current user base operational.
What happens under the hood when joro logs in ?
The server will find out by the user definition that it needs to use a non-default authentication and will ask the client to "switch" to using the appropriate client-side plugin (if of course the client is not already using it). If the client can't do this (e.g. because it's an old client or doesn't have the necessary plugin available) the server will reject the login. Otherwise the server will let the server-side plugin decide (while possibly talking to the client side plugin and the OS user directory) if this is a valid login or not.
If it is the login process will continue as usual, while if it's not the login will get rejected.
There's a lot more that MySQL 5.5 can do for you than just the simple case above. Stay tuned for more advanced use cases like mapping groups of external users to a single MySQL user (so you won't have to have 1-to-1 mapping between your external user directory and your mysql user repository) or ways to control the process as a DBA.
Or you can simply skip ahead and read the relevant topics from MySQL's excellent online documentation. Or take a look at the example plugins in plugin/auth. Or take a look at the test suite in mysql-test/t/plugin_auth.test.
About

Writing about the interesting features and oddities of the MySQL server and related code.

Search

Categories
Archives
« Март 2015
НдПнВтСрЧтПтСб
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today