Archive for the ‘securich’ Category

Securich 0.3.0

Август 20th, 2010

Around these days last year I presented `securich` for the first time. It was at froscon 2009, barely knowing anybody, spending my 27th birthday in a hostel in Germany fixing some bugs before the actual presentation on a 10 inch netbook (my mac had some problems at the time but thats another story :)). I got a beating, verbally of course! Many of the people listening to the presentation were expecting something else since another presentation was supposed to be running at that time, some even started dozing off (encouraging? not really hehe) but after a few minutes people started getting interested and asking all kind of questions. “This awesome” I thought to myself, “questions are good, it means people are understanding and want to know more”, but the more they learnt the more they realised how young securich was as a tool, lacking fundamental features like reverse reconciling securich with mysql rather than the other way round, bugs cropping up (Giuseppe aka datacharmer made sure he found some on the fly :P) but oh well back then it was just four months old.

Now after a year and four months into it, Securich is still in Beta but MANY MANY more features were included, bugs fixed (others created) and it even made it through two sessions at the Oreilly MySQL Conference and Expo 2010 and two mysql university sessions.

The end points here are:
1. Share your knowledge and code with the community, we learn, you learn!
2. When you fall to the ground, climb back up and get on your feet again. Start running!
3. Securich is now at version 0.3.0 (10th official release), help yourself at google code your feedback is greatly appreciated!

Most of the new release is bug fixes but some of the features added in this version are:
1. Any user can now install securich not just mysql root
2. You can now grant privileges on the mysql db (by default still disabled as it runs in “strict” mode which needs to be changed to “lenient” manually)
3. The installation script now keeps the securich package intact for further many installations
4. Better error reporting (for debugging purposes)
5. Grants on tables using regexp are now case sensitive


PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in conference, froscon, grants, mysql, roles, securich, security, Uncategorized

Комментарии отключены

 

MySQL University: Securich — Security Plugin for MySQL (rerun)

Июнь 9th, 2010

This Thursday (June 10th, 14:00 UTC), Darren Cassar will rerun his February 25 presentation of Securich - Security Plugin for MySQL. (Recording of the session failed in February; hopefully it will succeed this time.) According to Darren, the author of the plugin, Securich is an incredibly handy and versatile tool for managing user privileges on MySQL through the use of roles. It basically makes granting and revoking rights a piece of cake, not to mention added security it provides through password expiry and password history, the customization level it permits, the fact that it runs on any MySQL 5.0 or later and it's easily deployable on any official MySQL binary, platform independent.
More information here: http://www.securich.com/about.html.

For MySQL University sessions, point your browser to this page. You need a browser with a working Flash plugin. You may register for a Dimdim account, but you don't have to. (Dimdim is the conferencing system we're using for MySQL University sessions. It provides integrated voice streaming, chat, whiteboard, session recording, and more.)

MySQL University is a free educational online program for engineers/developers. MySQL University sessions are open to anyone. All sessions (slides & audio) are recorded; the links will be on the respective MySQL University session pages which are listed on the MySQL University home page.


PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in mysql, plug-in, plugin, securich, security, sun, university

Комментарии отключены

 

MySQL University: Securich — Security Plugin for MySQL

Февраль 23rd, 2010

This Thursday (February 25th, 13:00 UTC - way earlier than usual!), Darren Cassar will present Securich - Security Plugin for MySQL. According to Darren, the author of the plugin, Securich is an incredibly handy and versatile tool for managing user privileges on MySQL through the use of roles. It basically makes granting and revoking rights a piece of cake, not to mention added security it provides through password expiry and password history, the customization level it permits, the fact that it runs on any MySQL 5.0 or later and it's easily deployable on any official MySQL binary, platform independent.
More information here: http://www.securich.com/about.html.

For MySQL University sessions, point your browser to this page. You need a browser with a working Flash plugin. You may register for a Dimdim account, but you don't have to. (Dimdim is the conferencing system we're using for MySQL University sessions. It provides integrated voice streaming, chat, whiteboard, session recording, and more.)

MySQL University is a free educational online program for engineers/developers. MySQL University sessions are open to anyone. All sessions (slides & audio) are recorded; the links will be on the respective MySQL University session pages which are listed on the MySQL University home page.

Here's the tentative list of upcoming sessions:

  • March 4: MySQL Column Databases (Robin Schumacher)
  • March 11: Improving MySQL Full-Text Search (Kristofer Pettersson)

By the way, did I mention that we need more speakers to fill up the 2010 schedule? If you'd like to be a speaker, have a look at this blog article!


PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in authentication, grant, grants, login, mysql, permission, role, roles, securich, security, sun, university

Комментарии отключены

 

SecuRich

Сентябрь 1st, 2009

I got to meet, and share a meal with a most interesting Darren Cassar at FRoSCon/OpenSQLCamp, who’s the mastermind behind SecuRich. Some sparse notes, while we await his slides. I think there’s some great potential here, and SecuRich is exciting and should be given some more love.

Designed to work with Sybase and MySQL in mind (because he’s hacking on migrating Sybase to MySQL).

How often do we audit user privileges and access levels? How often do we forget temporary elevated privileges?

What you have in MySQL today: Authentication against ‘username’@'hostname’, and the password is hashed by PASSWORD() function. There is wide range of privileges, and the granting of privileges is controlled.

What are limitations in MySQL today: Password limits are not available (password size limit, password history, password complexity meter, password minimum age), its quite complex to manage, there are no roles, it is easily unsecured (if you provide an access to the MySQL database, you can try brute force attacks, etc.). Once you drop the database, the grants are still there – obsolete grants are not removed.

SECURICH has password limits, reduces complexity to manage, has roles, is a lot more secured, and soon, there will be removal of obsolete grants.

Compatible with MySQL 5.0 and later, as it uses INFORMATION_SCHEMA extensively. It requires I_S.processlist, which is only available in MySQL 5.1 though.

I don’t see why this wouldn’t work on Windows, besides some scripts written in BASH. My only experience with this is however on Linux and OSX.



PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in froscon, mysql, opensqlcamp, securich

Комментарии отключены

 

Securich – 0.1.4

Август 10th, 2009
Just a small note to advise that Securich reached 0.1.4. Some new tools include: * Added Password complexity * Enhanced `set_password` – Old password is now necessary to replace it by a new one * Enhanced Revoke privileges to accept regexp * Added Block user@hostname on a database [...]
PlanetMySQL Voting: Vote UP / Vote DOWN
 

Posted in administration, Beginner, grant, group, groups, mysql, password complexity, password expiry, revoke, role, roles, securich, security, user, users

Комментарии отключены