Posts in MySQL NEWS

Interview with a MySQL Expert - Eric Vanier

#6: The Best Advice You Could Ever Get From An Interview With A MySQL Expert

August 7th, 2017 Posted by MySQL NEWS No Comment yet

Interview With A MySQL Expert – Eric Vanier

Large scale application performance is of utmost importance. Millions of people use Enterprise applications every day and organizations make sure that these applications are running smoothly.

When it comes to performance, databases are the first things to be looked at and maintained, since many issues in an application link back to them. The people entrusted with finding, fixing and optimizing the databases are the “Database Administrators” (DBAs).

I got the opportunity to interview a MySQL expert, Eric Vanier. Eric has been consulted by many Fortune 500 companies to solve their database related issues.

It was a humbling yet enthralling experience to learn about his contribution to Multi-National organizations. Following are the excerpts of the interview.

Question 1: Hello, Eric. Thanks for joining me. So, it’s been almost twenty years in the industry. How has your journey been so far?

 

So far, I have to say that at the end of the day, I’m always happy because I have helped businesses and people improve their critical databases and save a lot of headaches. I have been able to do this by helping these businesses with a proactive plan to avoid any disruptions and by answering pertinent questions that will avoid any mistakes.

Also, the most important aspect for me is to work well with the client’s team, and I’m always completely willing to do a knowledge transfer while fixing issues because, at the end of the day, the data is owned by the client.

I completely agree with that. I know that the Fortune 500 companies approach you for consultation. That’s a really big thing. Could you share what kind of issues they face?

 

In general, Fortune 500 companies approach me to evaluate their existing MySQL Database design and make any recommendations for improvement.

Sometimes, I have to look over their existing MySQL environments because they have had some major performance issues. These are particularly tricky because the source of the problem is hard to detect, and only with time can one learn to identify them quickly.

Question 2: This raises a question. Would your clients get just the solution to their problems or is there more?

 

Oh, there is lots more to it than to just solve problems that exist. My main goal is to make sure that not just the problems at hand are solved but also look into other potential threats and come up with strategies to mitigate them.

I help all my clients save time on research, assisting DBAs, Directors, System Administrators and Developers with query optimization or database performance. This way my clients save time and a lot of financial resources as well.

 

Question 3: What is a typical procedure you follow while solving issues?

 

Most of my clients would want me to point out their major problem and have a list of recommendations to correct their MySQL performance issues quickly. The procedure I follow would vary depending on the client’s need and what is being addressed.

In my experience, I have found that different clients have their unique way of approaching problems and solving them. And over the years, I have learned to take these into account while understanding their systems and infrastructure so that I can provide a tailored service that suits them perfectly.

Now, that being said, there are a few diagnostic checks that I perform for almost all the clients in order to gain more understanding of the problems related to the databases. This analysis would typically involve things like scrutinizing the database design and structure, examining the slow queries and performance glitches, and so on.

I make it a point to work closely with my client’s team so that they too know how to solve problems in the future and understand what is being done during the solution implementation phase.

 

Question 4: You had mentioned that even the small and medium sized companies approach you for consultation. Could you share some more insights into that?

 

I feel extremely fortunate that I can help small and medium sized companies with all their issues and add a significant amount of value to their business applications.

The current situation in the market is pretty bad. It is difficult for a company to find expert DBAs to solve their problems. The ones they hire either provide temporary or incomplete solutions or they tend to miss out on many potential threats. This usually becomes a huge overhead on small and medium sized companies.

Another issue is that the expert DBAs from large firms and organizations are extremely expensive to hire, and most often the small or medium sized companies cannot afford them.

I always strive to provide the best service to all my clients at affordable costs and I am grateful that I am able to do this.

 

That’s great Eric. I’m sure there will be many more small and medium sized companies who would be looking out for someone like you.

 

Question 5: There might be many companies around the world who would want to hire DBAs. What are the key qualities that organizations must look for when hiring an Expert DBA or an expert consultant?

 

That’s a very good question. There are a few things anyone can look out for while searching for or hiring an expert DBA. Firstly, please do not just go by their profile. Meet them, ask questions, understand what they would do and then proceed.

One can look at a few qualities like their experience in working with Enterprise Applications and making sure that they are capable of providing Enterprise-wide services and not something that is very specific.

I also believe that DBAs should be very patient and listen to their clients carefully, understanding the requirements and issues very clearly. If they aren’t, then the company is going to have a hard time working with them.

DBAs who have experience working with the Fortune 500 companies have an added advantage. The reason is that you gain a lot of knowledge working with critical databases and delicate infrastructure designs. There is no room for error, you know. One small mistake might lead to millions of dollars in loss for the company.

 

Question 6: We have a lot of readers who are either aspiring to become DBAs or have just started. What advice do you have for them?

 

Ah, that’s an important question that needs to be addressed. For those aspiring to become a DBA, the first things they should have are:

  • A good monitoring tool that will alert them to any performance issues.
  • Knowledge of how to find their queries and optimize them in depth.
  • Knowledge of how to use MySQL tools, and enough understanding of MySQL to review the slow queries.
  • Knowledge of where to look to see where the issue is, and then apply the proper solution.

 

Always be ready for the worst: plan for a failover, backup strategy, etc. And finally, always have an external Expert who can answer or address their concerns and questions.

Question 7: Everyone is talking about jobs being automated. Should DBAs be worried about their jobs being taken over by machines?

 

No, because large corporations and smaller businesses will always be in need of a good DBA to review the automation processes.

Also, I agree with automation because it gives the DBA an opportunity to focus more on strategic database architecture improvements instead of doing manual tasks.

The motivating part of a DBA’s job is being able to focus on planning and recommending the proper solution that will keep databases and critical data available 24 by 7 and keep clients and businesses happy, and this will guarantee business revenue.

That’s great Eric. Thanks for sparing your time and sharing your thoughts.

Conclusion

 

So those were the excerpts from the interview. I hope you got something to take away from it.

You can contact Eric via his website https://www.ericvanier.com/contact to get in touch and learn more.

This interview was conducted by https://SourceDexter.com, a leading technical and technology magazine.

 


#5: Why you need an expert MYSQL DBA

July 1st, 2017 Posted by MySQL NEWS No Comment yet

Why you need an expert MYSQL DBA

Most organizations wait for problems to occur with their enterprise applications before they take any measure. The signs of these problems go unnoticed until a major failure occurs. A study made by Gleanster Research found that the most common reason for performance issues in an application is related to the database. They found that database related issues account for a staggering 88% of all application issues.

A routine check on the database health can reveal weak points well before they become a real problem. In my 17 years of experience as an expert MYSQL DBA, I have helped many of the Fortune 500 companies to not just solve their issues but also find potential problems and rectify them.

Signs of Problems in Enterprise Applications

There are many things that you might notice about the change in application’s behavior.  Following are some of the most common issues related to databases that require the attention of a DBA.

  1. MYSQL queries seem to be stuck for minutes. This can occur out of nowhere, but once it begins, it’s most likely that it will not solve on its own.
  2. A sudden dip in application performance. This is usually seen as applications taking a long time to perform small simple tasks.
  3. MYSQL DB starts to take up a lot of computational and storage resources. You might see that the CPU is being used more than usual and the rate of increase in storage is faster than usual.
  4. You might find that the replication slaves are struggling to keep up with the increase in data.

 

Have you observed any of these signs? If yes, then I would strongly recommend you to consider consulting an Expert MYSQL DBA.

 

Major Difficulties While Working With the DBAs

For database management and consulting, there is a good chance that you might come across a lot of people without the right qualifications. It has become very difficult to find expert MYSQL DBAs.

Even after hiring someone, you cannot be fully sure if a problem is completely fixed or a temporary patch has been applied. Inexperience can lead to potential threats being missed. As a DBA, the job is not to just fix the problem at hand but to also find threats and other potential problems and weaknesses. Unfortunately, I am seeing that many DBAs aren’t doing these things today.

 

Major corporations like Percona and Oracle have a good number of expert MYSQL DBAs, but they are extremely expensive and other companies have to bear huge costs by engaging them.

Finally, difficulties arise when only a partial solution has been identified by the DBA. This usually occurs when the root cause of the problem is not identified, but a fix is made only to counter the issues occurring in the production environment. Though this might not be an issue on a short-term basis, it has to be rectified to make sure that this does not lead to another bigger problem.

Characteristics of an Expert DBA

If you are consulting a DBA, then you can look for the following characteristics to evaluate if he is good as a DBA consultant.

  • A good MYSQL DBA consultant listens to all of the client’s needs and problems and proposes a set of approaches to solving the problem, or gives a lot of useful recommendations.
  • The consultant has the ability to provide enterprise-wide support for MYSQL.
  • The DBA will identify exactly why the application is struggling and quickly find the database issues. He then helps the client’s team by guiding them through a step-by-step procedure to correct the problems.
  • The consultant brings in a vast amount of experience working even with the Fortune 500 companies and helping them in keeping the enterprise database healthy.

 

I have been doing all of this for almost two decades now and my clients have been extremely satisfied and happy with my consultation and enterprise-wide support. Many of the above points might be missed if the DBA is not good and that might lead to the problems going unnoticed.

 

How I can help you

As an expert MYSQL DBA, I consult organizations on their problems, understand their needs completely and propose solutions. All of my clients are extremely happy with my services and here is how I can help you.

I bring in almost two decades of experience working with large corporations to quickly identify the problems with your databases on an enterprise-wide level.

 

  • Did you know that regular monitoring of databases is extremely important for performance and security? And for that reason, I can help you set up various strategies for:
    • Monitoring all the MySQL databases
    • Monitor performance metrics
    • Monitor security and integrity of your databases.
  • The solutions that I will propose will be tailored to your needs and requirements. In other words, they will be optimized for your infrastructure.
  • Most of the time, I will propose a time bank of hours and you can use it according to your convenience. Most importantly, results are 100% guaranteed.
  • Once all the issues have been identified, I then guide the team in a step-by-step manner through my unique coaching program, to implement the solutions.

 

Do you need my Help?

I am here to help and strategize and solve any type of enterprise-wide issues that you have. You can reach out to me via the website or you can email me at [email protected]

#4: MySQL SQL Query Optimization and Database Tuning for Beginners

June 19th, 2017 Posted by MySQL NEWS No Comment yet

MySQL SQL Query Optimization and Database Tuning for Beginners

It is not easy to find highly optimized SQL queries and well-structured databases. You might have the task to design a DB or to improve the performance of queries, either way, you need to be prepared to handle the challenges. MySQL SQL Query Optimization and database tuning are important skills that will help you make the application perform better.

In this article, we will go through what these tuning and optimization techniques mean. I will demonstrate some basic examples. The scope of this article is for beginners, but towards the end, we will talk about how to learn other skills such as advanced MySQL query tuning.

 

What is SQL Query Optimization

Query optimization in DBMS, or query tuning, is the process of altering the query to make it run faster. Often, the queries which are initially written aren’t designed for scale. This leads to the query slowing down the application as the amount of data increases.

As a beginner, you must understand some of the basic concepts behind an SQL query. This will help you identify potential problems with queries that you are tuning. Following are some of the SQL Optimization Techniques:

 

  1. The very first technique is to check the SELECT statement. Very often, developers tend to use “*” in a SELECT query. Example:

     SELECT * FROM EMPLOYEE;

     What you must understand here is that “*” should be used only when all the fields need to be fetched. To make the query faster, name only the fields that need to be fetched. Example:

     SELECT FIRST_NAME, AGE, GENDER FROM EMPLOYEE;

  2. Use the operators IN and EXISTS appropriately. You must understand when each of them has to be used. It has been found that using “IN” is the slowest when it comes to query execution time. Following is an example of how you can perform SQL query optimization when you find a query using the IN operator.

     SELECT NAME, AGE, GENDER FROM EMPLOYEE
     WHERE EMP_ID IN (SELECT EMP_ID FROM MANAGERS);

     Now, instead of the above query, you can use EXISTS as follows.

     SELECT NAME, AGE, GENDER FROM EMPLOYEE E
     WHERE EXISTS (SELECT EMP_ID FROM MANAGERS M
                   WHERE M.EMP_ID = E.EMP_ID);

  3. You can also use simple MySQL query optimization tools like the “EXPLAIN” statement. This statement, when added to the beginning of a query, gives you a sense of how long the query will take to execute. It might not be fully accurate, but as a beginner, this will be very useful to you. The output of this statement is called the “query plan”. Following is an example:

     EXPLAIN
     SELECT * FROM EMPLOYEE
     WHERE SALARY > 100000;

     This will give you a cost associated with the query; the higher the cost, the longer the expected run time.

 

What is Database tuning

 

There are many things that overlap between database tuning and SQL query optimization; the two concepts are interrelated. However, database tuning refers to the way in which the database needs to be designed, how to choose the right DBMS application, and how to best set up the DB environment. Though this skill comes with time and experience, there are a few things you can look out for that would make your database more efficient.

 

  • The very first thing you do is normalize the database. Database normalization is the process of removing redundant columns or restructuring the tables. Normalization helps to decrease anomalies that tend to occur when various queries are executed. The normalization process is divided into 4 different forms, each addressing the various ways in which redundant data can be identified and used.

 

  • Creation of optimized indexes. Index creation is a tricky subject. No indexes will lead to queries being slow, and too many indexes will slow down the DML queries (queries to insert, update and delete). This means that indexes must be created only when required. In my upcoming webinar series, “Advanced MySQL query tuning”, I take you through each task of SQL query optimization step by step. Enrolling in the course gives you a lot of benefits that can boost you to the next level.

 

  • DB statistics tools provide information on table indexes and their distribution. These statistics help the DBA to find access paths that not only satisfy a query but are also inexpensive.
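As an added example, not code from the article, the MySQL session below ties the EXPLAIN tip and the index bullet above together: it creates the article’s EMPLOYEE and MANAGERS tables with a few constructed rows and compares query plans before and after adding an index. The row values and the index name idx_employee_salary are assumptions.

```sql
-- Added example, not code from the article: a small MySQL session that shows
-- the EXPLAIN tip and the index advice above on constructed data. The table
-- and column names follow the article; the rows and the index name are assumed.
CREATE TABLE EMPLOYEE (
  EMP_ID     INT PRIMARY KEY,
  FIRST_NAME VARCHAR(50) NOT NULL,
  AGE        INT NOT NULL,
  GENDER     CHAR(1) NOT NULL,
  SALARY     INT NOT NULL
);
CREATE TABLE MANAGERS (
  EMP_ID INT PRIMARY KEY,
  CONSTRAINT fk_manager_employee FOREIGN KEY (EMP_ID) REFERENCES EMPLOYEE (EMP_ID)
);

INSERT INTO EMPLOYEE VALUES
  (1, 'Ana',   34, 'F', 120000),
  (2, 'Bruno', 29, 'M',  65000),
  (3, 'Chen',  41, 'F', 150000),
  (4, 'Dev',   25, 'M',  48000);
INSERT INTO MANAGERS VALUES (1), (3);

-- 1. Plan before any secondary index exists: SALARY is not indexed, so the
--    plan reports type = ALL (a full table scan) with "rows" close to the
--    whole table, because every row has to be read to evaluate the WHERE.
EXPLAIN SELECT FIRST_NAME, SALARY FROM EMPLOYEE WHERE SALARY > 100000;

-- 2. Add one index for exactly this access path and look at the plan again.
--    On a realistic table the plan changes to type = range using
--    idx_employee_salary; on four rows the optimizer may still prefer a scan
--    because reading the whole table is cheaper than an index lookup.
ALTER TABLE EMPLOYEE ADD INDEX idx_employee_salary (SALARY);
EXPLAIN SELECT FIRST_NAME, SALARY FROM EMPLOYEE WHERE SALARY > 100000;

-- 3. The IN subquery from the article and its EXISTS rewrite return the same
--    rows (Ana and Chen). Compare their plans on your own data instead of
--    assuming one form is always faster.
EXPLAIN SELECT FIRST_NAME, AGE, GENDER FROM EMPLOYEE
WHERE EMP_ID IN (SELECT EMP_ID FROM MANAGERS);

EXPLAIN SELECT FIRST_NAME, AGE, GENDER FROM EMPLOYEE E
WHERE EXISTS (SELECT 1 FROM MANAGERS M WHERE M.EMP_ID = E.EMP_ID);

-- 4. Naming only the columns you need (the first tip) can let the server
--    answer from the index alone: Extra shows "Using index" for this query.
EXPLAIN SELECT SALARY FROM EMPLOYEE WHERE SALARY > 100000;
```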

 

Conclusion: what to do next?

 

We saw how you can quickly identify some of the most common mistakes developers or DBAs make. You can identify such anomalies and correct them to improve the database performance.

 

These, however, were just the basics. A drop in the ocean. As a DBA or someone performing SQL Query Optimization or Database tuning, there is much more to learn and apply. Over the 17 years in the industry, many of the Fortune 500 companies have hired me as a performance expert consultant and I have successfully helped them in overcoming their challenges.

 


#3: Top 3 must have MySQL DBA skills for 2017

June 17th, 2017 Posted by MySQL NEWS No Comment yet

Top 3 must have MySQL DBA skills for 2017

Database administrators are faced with rapid advancements in database technologies. New updates, features or releases are rolled out frequently. This makes it important to make sure that your DBA skills are up to date. I have worked closely with some of the Fortune 500 companies as a database consultant and a DB performance expert. In this article, I share with you the top DBA skills that you must have to become a better DBA.

Why is it necessary to improve your DBA skills?

 

As of today, DBAs are faced with many key challenges. These challenges involve a paradigm shift in the way applications are developed, turning all the focus to them. The fact still remains that at the heart of it lies the database.

 

A few years ago, having MySQL DBA skills or even more specific like the Oracle DBA skills were considered sufficient. But now with the advancement of technologies like NoSQL, a DBA is faced with the challenge of being an expert with these newer technologies.

 

The graph below is the result of a study made by Gleanster Research. The graph indicates the most common reasons for performance issues in applications. As you can see, database related issues are number one with it occurring 88% of the time. Being a database Performance Expert, I have helped many organizations to solve their issues and improve the overall performance.

 

MySQL Performance

MySQL Performance

 

Let us now walk through the top DBA skills required for 2017.

 

1. Managing Distributed Database systems

 

With the advancement in cloud computing and cloud data storage, most applications are built with distributed databases. An organization’s critical data might be present in the “on-premise data center”. However, the remaining majority of the data might be present in the cloud. This makes it very important for DBAs to have knowledge of distributed data systems and their implications on the application’s performance.

 

When it comes to distributed data systems, knowing what has to be done where is the most valuable skill among all the DBA skills. Following are some challenges that you have to be ready to face and how you can optimize.

 

  1. When there is a choice of deployment between on-premise and cloud, the performance implications due to latency and bottlenecks should be considered.
  2. Deployment of distributed systems can become unpredictable due to factors like backup load time, internet speed, etc, and to mitigate these factors, consistency must be maintained while using the deployment tools or software and strategies.
  3. There is a chance of problems not being solved only by moving databases to the cloud. In such cases, the inherent performance issues must be taken into consideration.
  4. Moving to the cloud will have a security risk attached to it. This requires you to move beyond the traditional encryption based security service and provide a much more secure platform.
  5. The backup, recovery and restoring strategies must be thought of thoroughly as distributed systems can cause issues only in certain places.

2. Adapting to the shift in development approaches

 

From the research that I have stated earlier, DBs are one of the major reasons for performance issues. They are the heart of almost every application. With organizations relying heavily on applications to run their business, the focus is shifting to building better applications. When a shift like this occurs, the DBA no longer is responsible for just the database.

 

The responsibility increases to the whole application. This does not mean that the DBA should know application development. What it means is that the DBA needs to make sure that the application performance is not compromised due to database related implications. The required DBA skills, in this case, would be as follows.

 

  1. The DBA must maintain a performance trend of the application over time. This trend will contain in detail the performance measure of the application over days, weeks, and months. This would then form a tool for identifying patterns or anomalies in application performance which in turn might be related to issues in the database.
  2. The resources that are allocated to the DBs come under the umbrella of traditional SQL DBA skills. But, with the shift in approach, the DBA must move a step further and be accountable for the application as a whole. This can be done by managing and maintaining the logs of end-user wait times. Keeping a tab on what the end-user is waiting on and what kind of data is affecting the load time is important. This information can be used to tune the DBs to improve performance.
  3. The DBA must explore and set up all the necessary tools for monitoring not just the state of the DB servers, but also the other infrastructure like storage machines, hosts, networks, etc. Without this, it can get extremely difficult to perform any check on the application while monitoring for errors and anomalies.

 

3. Diversification of Database platforms

 

 

Applications are no longer always monolithic. As of now, applications are typically broken down into manageable subunits, each having an architecture that suits the type of data it consumes. When situations arise where these units consume unstructured data, NoSQL databases like MongoDB or Cassandra are used. This makes it important for DBAs to adapt to newer databases and know how to manage all the different databases efficiently. Following are some of the DBA skills with respect to multiple databases.

 

  1. Evaluating the cost and performance measures with regard to moving various databases to the cloud vs keeping them on-premise. As a DBA, you will have to assess the performance parameters before moving a particular database to the cloud or moving it away from the cloud to a local data center.
  2. Just like the other skills, you should find a single-point tool for all the different databases. Maintaining a different dashboard for each type of database will make it cumbersome to manage them. A better solution would be to invest in software that provides a single dashboard for all the different types of databases.
  3. As much as possible, try to maintain consistency when it comes to integrity and security of the data. Also, use consistent strategies for backup and restore. This will make sure that failures due to mixing up strategies are reduced, thereby improving the capability of the database.

 

Conclusion

 

With this, I hope you are ready to transform, adapt, and embrace the challenges that a DBA encounters. With the change in trends, we must adapt to those changes so as to remain in the game and become better at it.

I have designed and created a series of webinars which aims to help DBAs like yourself to become better and stay up to date with the technology. I have shared the knowledge I have gained through my experience in the industry and I can assure you that you will have many things you can take away from it.

 


#2: How To Solve The Biggest Problems With MySQL Database?

November 9th, 2016 Posted by MySQL NEWS No Comment yet
Today, let’s talk about one of the biggest problems that a lot of organizations have with MySQL performance tuning, security and compliance posture.

For years I have seen, and been solving, the same kinds of MySQL performance problems, like:

  • Every 20-25 hours, all MySQL queries seem to be stuck for 1-2 minutes.
  • MySQL is consuming too much CPU and disk.
  • Replication slaves can’t keep up anymore.
  • This query shouldn’t be taking this long. It’s 10 times faster in dev.
  • Things were running fine for three months and suddenly performance slowed down; we’re not sure what to do.
  • Hundreds of other interesting challenges, each special in their own way.

 

Let me ask you this important question.

How many of you:

  • Monitor their MySQL databases?
  • Monitor performance metrics?
  • Monitor security of their databases?

Did you know?

Database monitoring is essential for two main reasons: performance and security of the database.

 

Database monitoring should be important to you!

MySQL database monitoring is an important part of your organization’s security and compliance posture. Knowing what to monitor, who should monitor it, and how often to set up alerts and scans is crucial for maintaining system health. Most importantly, implementing the right tools can save your organization a tremendous amount of time and agony, as well as help prevent potential breaches and performance issues and get answers to a lot of questions.

How often do you have to monitor your MySQL databases?


It depends how critical it is. If it’s a mission-critical system, you need to be on top of both performance and security issues at least daily. However, you can reduce your need to view the dashboard of your monitoring tool to a weekly check-in if you have alerts set up to inform you of critical issues in real-time. 


For both database security and database performance, real-time alerts are highly recommended for any critical databases. Real-time alerts ensure that you can take care of critical issues as soon as they occur. Real-time preventive measures ensure that your database is secure, even if you don’t take any immediate measures. 

 

What should you be monitoring? 


Every organization is different, but the following MySQL database checklist covers items that could point to performance and security problems. Here is the list:

  • Identification of all privileged users
  • Database performance and history tracking 
  • Connections usage 
  • Content of queries and responses of queries 
  • Inactive users 
  • Configuration changes (Security article
  • Storage of the database monitoring and log information
  • Top 10 query consumers of data 
  • MySQL replicated cluster 
  • Deadlock 
  • Information on disk usage
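As an added example, not part of the original post, the read-only queries below cover several of the checklist items above (privileged users, inactive users, connections usage, top query consumers, disk usage, deadlocks). They assume MySQL 5.7 or later with performance_schema enabled, run from an account that may read the mysql and performance_schema databases.

```sql
-- Added example, not part of the original post: read-only queries covering
-- several checklist items above. Assumes MySQL 5.7 or later with
-- performance_schema enabled, run from an account allowed to read the mysql
-- and performance_schema databases.

-- Identification of all privileged users: accounts whose global privileges
-- amount to control of the server. The *_priv columns are mysql.user flags.
SELECT User, Host
FROM mysql.user
WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Grant_priv = 'Y'
   OR Process_priv = 'Y' OR Shutdown_priv = 'Y'
ORDER BY User, Host;

-- Inactive users: account names that have not opened a connection since the
-- server started. performance_schema counts only since startup and tracks the
-- user name, not the host pattern, so treat hits as candidates to review.
SELECT DISTINCT u.User
FROM mysql.user u
LEFT JOIN performance_schema.users p ON p.USER = u.User
WHERE p.USER IS NULL OR p.TOTAL_CONNECTIONS = 0
ORDER BY u.User;

-- Connections usage: current and peak thread counts against the configured
-- ceiling, so an alert can fire well before max_connections is hit.
SELECT
  (SELECT VARIABLE_VALUE FROM performance_schema.global_status
    WHERE VARIABLE_NAME = 'Threads_connected')    AS threads_connected,
  (SELECT VARIABLE_VALUE FROM performance_schema.global_status
    WHERE VARIABLE_NAME = 'Max_used_connections') AS max_used_connections,
  @@global.max_connections                         AS max_connections;

-- Top 10 query consumers of data: statement digests ranked by rows examined,
-- which is where "stuck" and slow queries usually show up first.
-- SUM_TIMER_WAIT is in picoseconds, hence the division to seconds.
SELECT SCHEMA_NAME, COUNT_STAR, SUM_ROWS_EXAMINED,
       ROUND(SUM_TIMER_WAIT / 1e12, 2) AS total_seconds,
       LEFT(DIGEST_TEXT, 80)           AS query_digest
FROM performance_schema.events_statements_summary_by_digest
ORDER BY SUM_ROWS_EXAMINED DESC
LIMIT 10;

-- Information on disk usage: data plus index size per schema in MB, for
-- spotting storage that grows faster than usual.
SELECT TABLE_SCHEMA,
       ROUND(SUM(DATA_LENGTH + INDEX_LENGTH) / 1024 / 1024, 1) AS size_mb
FROM information_schema.TABLES
GROUP BY TABLE_SCHEMA
ORDER BY size_mb DESC;

-- Deadlock: InnoDB reports the most recent deadlock in the LATEST DETECTED
-- DEADLOCK section of this output.
SHOW ENGINE INNODB STATUS;
```

Run these on a schedule and keep the results; the checklist items about history tracking and storing monitoring information are exactly the comparison over time these one-off snapshots cannot give.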

 

Get information before the server runs out of resources. 

 

In my MySQL DBA career I have used many monitoring tools, for instance MySQL Enterprise Monitor and MONyog, and for me the best monitoring tool that is easy to use and configure and gives you all the performance and security metrics you need is MONyog.

But why MONyog? 

MONyog is the best out-of-the-box GUI monitoring tool for MySQL that I have seen so far. It “just works.” You can get it up and running quickly and having a centralized location for monitoring is very useful. The graphs are beautiful and the statistics that are graphed are useful time-savers. 

The biggest difference between MySQL Enterprise Monitor and MONyog is that MONyog is agentless. That agentless operation works for every feature, including log analysis as well as operating system statistics.

 

Conclusion 

 

The biggest challenge for organizations is to identify the SQL statement that runs slow, get the information before the server runs out of resources and get alerts on time. 

The best advice I can give you is to get the right MySQL monitoring tool that will help you by advising you before a problem will occur, give you some advice based on real time metrics. 

In other words, having a monitoring tool that advises you is like having a “MYSQL TUNING EXPERT” in a box; it will help you sleep at night and also help you tune your current MySQL servers and find and fix problems before they become serious or costly outages.


#1: How To Solve MySQL Zero-Day Exploits that hack your database

September 8th, 2016 Posted by MySQL NEWS No Comment yet
A Critical MySQL Zero-Day Vulnerability Uncovered!

As you know, MySQL is the most popular open source SQL database management system; it is developed, distributed, and supported by Oracle Corporation.

Unfortunately, two critical MySQL zero-day vulnerabilities have been discovered in MySQL, the world’s second most popular database management software, that could allow an attacker to take full control over a database.

Do you know what “a zero-day vulnerability” refers to?

 

As a MYSQL Security DBA, let me explain: a zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it; this exploit is called a zero-day attack.

Polish security researcher Dawid Golunski has discovered two zero-days, CVE-2016-6662 and CVE-2016-6663, that affect all currently supported MySQL versions. It seems that MariaDB and Percona DB had already fixed the vulnerabilities, but Oracle had not published anything so far.

The vulnerability CVE-2016-6662 can be exploited by hackers to inject malicious settings into MySQL configuration files (my.cnf/my.ini).

The researcher also warned that the vulnerability could be exploited even if the SELinux or AppArmor Linux kernel security module is enabled with the default active policy for the MySQL service on the major Linux distributions.

As you probably know, a lot of companies, including Facebook, Google, Adobe, Alcatel Lucent and Zappos, rely on MySQL to save time and money powering their high-volume web sites, business-critical systems and packaged software.

How do attackers exploit a MySQL zero-day vulnerability?

Attackers can exploit the vulnerability on your MySQL server after gaining access to the database server in one of these two ways:

1. By obtaining authenticated access to your MySQL database

Database user login details can be stolen by attackers in many ways. Accounts with easy, insecure passwords can be accessed over a network connection or through web interfaces such as phpMyAdmin.

2. Attack via SQL injection directly against your MySQL database

Web applications written in PHP or ASP (Windows) can be vulnerable to SQL injection. It is a code injection technique in which SQL statements are inserted into the application’s queries, and database information is leaked to the attackers.

Once access to a database user account is gained, attackers can execute remote code on the server. This code allows them to gain root access after a service restart.

This is known as privilege escalation, and once root privilege is gained, attackers can do just about anything on your servers. That’s why this exploit is considered a critical one.

By abusing MySQL logging functions, attackers can bypass security restrictions to carry out the following:

1. Many servers that are not secured properly may have config files owned by the ‘mysql’ user instead of the root user. Hackers can inject malicious settings into such configuration files.

2. These hackers can even create entirely new configuration files with malicious parameters in directories such as the MySQL data folder, which is writable by the ‘mysql’ user.

3. Privilege escalation gives attackers MySQL admin privileges and thus enables them to modify the config files, even if the initially accessed account has only basic file permissions.

MySQL hardening and support

How To Solve These Zero-Day Exploits That Can Hack Your Database?

Until Oracle finds a solution and fixes the problem in its next releases, the researcher suggests some temporary mitigations for keeping the servers safe.

“As temporary mitigations, users should ensure that no MySQL config files are owned by mysql user, and create root-owned dummy my.cnf files that are not in use.”

What does that mean? It means that you have to make sure that the owner of my.cnf (or my.ini on Windows) is either “root” or “administrator”.

While these temporary mitigations are just workarounds, Golunski suggests that users should apply the vendor patches as soon as they are available.

Here is what you can do:

  1. Examine the server and ensure that the MySQL config files are owned by the root user and not the ‘mysql’ user.
  2. Always scan your MySQL server for vulnerabilities.
  3. Also, it is advisable to keep a root-owned dummy my.cnf in the MySQL folders (such as the data directory) so that hackers cannot create new config files there.
  4. To change the ownership of the MySQL config file on a Linux server, use the command (the colon form is the standard chown syntax; the older dotted form works on GNU chown too):
chown root:root /etc/my.cnf
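The four steps above, carried out as a small audit script. This is an added example and is not code from the original post or from Golunski’s advisory; the option-file locations it checks are the usual Linux defaults and are an assumption for any given install (the authoritative list for your build is printed by `mysqld --help --verbose` under “Default options are read from the following files”).

```shell
#!/bin/sh
# Added example: audit MySQL option files for the ownership condition the
# CVE-2016-6662 mitigation depends on, and plant root-owned dummy files
# where none exist. Not from the original post; paths are an assumption.

# Usual option-file locations on Linux (assumption; adjust to your install).
DEFAULT_CNF_PATHS="/etc/my.cnf /etc/mysql/my.cnf /var/lib/mysql/my.cnf"

# file_owner FILE -> prints the owner name (GNU stat, with BSD stat fallback)
file_owner() {
    stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"
}

# check_config_owner FILE EXPECTED_OWNER
# Returns 0 when FILE exists and is owned by EXPECTED_OWNER, 1 otherwise.
# A missing file is also reported, because an absent my.cnf in a directory
# the mysql user can write to is exactly the gap a dummy file is meant to close.
check_config_owner() {
    f=$1; want=$2
    if [ ! -e "$f" ]; then
        echo "MISSING  $f (create a root-owned dummy file)"
        return 1
    fi
    have=$(file_owner "$f")
    if [ "$have" = "$want" ]; then
        echo "OK       $f (owner $have)"
        return 0
    fi
    echo "WRONG    $f (owner $have, expected $want)"
    return 1
}

# ensure_dummy_cnf FILE OWNER
# Creates FILE if it is absent so nobody else can create it later, strips
# group/world write bits, and hands it to OWNER when running as root.
ensure_dummy_cnf() {
    f=$1; owner=$2
    if [ ! -e "$f" ]; then
        : > "$f"
    fi
    chmod go-w "$f"
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$f"
    fi
    check_config_owner "$f" "$owner"
}

# audit_paths OWNER PATH...
# Checks every PATH; the exit status is the number of findings (0 = all good).
audit_paths() {
    owner=$1; shift
    bad=0
    for p in "$@"; do
        check_config_owner "$p" "$owner" || bad=$((bad + 1))
    done
    return "$bad"
}

# Run the audit only when asked to, so the functions can also be sourced.
#   AUDIT_MYCNF=1 sh audit_mycnf.sh
#   AUDIT_MYCNF=1 CNF_PATHS="/etc/my.cnf /srv/mysql/my.cnf" sh audit_mycnf.sh
if [ "${AUDIT_MYCNF:-0}" = 1 ]; then
    audit_paths root ${CNF_PATHS:-$DEFAULT_CNF_PATHS}
fi
```

Run it as root so the reported owners are trustworthy and `ensure_dummy_cnf` can actually chown; as a non-root user it still reports, but only fixes the mode bits. Re-running it after every package upgrade is the cheap way to notice when a package or a restore script has silently put the files back under the ‘mysql’ user.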

In short:

Until Oracle fixes the problem in its next Critical Patch Update (CPU), you can implement the temporary mitigations proposed by the researcher to protect your servers.

While zero-day vulnerabilities cannot be prevented, acting immediately to apply the fix and patch is crucial to avoid catastrophic business downtime.
