{"id":1583,"date":"2009-08-31T23:35:43","date_gmt":"2009-09-01T04:35:43","guid":{"rendered":"http:\/\/www.bytebot.net\/blog\/?p=1583"},"modified":"2009-08-31T23:37:14","modified_gmt":"2009-09-01T04:37:14","slug":"securich","status":"publish","type":"post","link":"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich","title":{"rendered":"SecuRich"},"content":{"rendered":"<p>I got to meet, and share a meal with a most interesting <a href=\"http:\/\/www.mysqlpreacher.com\/wordpress\/\">Darren Cassar<\/a> at FRoSCon\/OpenSQLCamp, who&#8217;s the mastermind behind <a href=\"http:\/\/www.securich.com\/\">SecuRich<\/a>. Some sparse notes, while we await his slides. I think there&#8217;s some great potential here, and SecuRich is exciting and should be given some more love.<\/p>\n<p>Designed to work with Sybase and MySQL in mind (because he&#8217;s hacking on migrating Sybase to MySQL).<\/p>\n<p>How often do we audit user privileges and access levels? How often do we forget temporary elevated privileges? <\/p>\n<p>What you have in MySQL today: Authentication against &#8216;username&#8217;@&#8217;hostname&#8217;, and the password is hashed by PASSWORD() function. There is wide range of privileges, and the granting of privileges is controlled. <\/p>\n<p>What are limitations in MySQL today: Password limits are not available (password size limit, password history, password complexity meter, password minimum age), its quite complex to manage, there are no roles, it is easily unsecured (if you provide an access to the MySQL database, you can try brute force attacks, etc.). Once you drop the database, the grants are still there &#8211; obsolete grants are not removed.<\/p>\n<p>SECURICH has password limits, reduces complexity to manage, has roles, is a lot more secured, and soon, there will be removal of obsolete grants.<\/p>\n<p>Compatible with MySQL 5.0 and later, as it uses INFORMATION_SCHEMA extensively. It requires I_S.processlist, which is only available in MySQL 5.1 though.<\/p>\n<p><i>I don&#8217;t see why this wouldn&#8217;t work on Windows, besides some scripts written in BASH. My only experience with this is however on Linux and OSX.<\/i><\/p>\n<div class=\"sharedaddy sd-sharing-enabled\"><div class=\"robots-nocontent sd-block sd-social sd-social-icon-text sd-sharing\"><h3 class=\"sd-title\">Share this:<\/h3><div class=\"sd-content\"><ul><li class=\"share-email\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"\" class=\"share-email sd-button share-icon\" href=\"mailto:?subject=%5BShared%20Post%5D%20SecuRich&body=http%3A%2F%2Fwww.bytebot.net%2Fblog%2Farchives%2F2009%2F08%2F31%2Fsecurich&share=email\" target=\"_blank\" title=\"Click to email a link to a friend\" data-email-share-error-title=\"Do you have email set up?\" data-email-share-error-text=\"If you&#039;re having problems sharing via email, you might not have email set up for your browser. You may need to create a new email yourself.\" data-email-share-nonce=\"39ca82181c\" data-email-share-track-url=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=email\"><span>Email<\/span><\/a><\/li><li class=\"share-facebook\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-facebook-1583\" class=\"share-facebook sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=facebook\" target=\"_blank\" title=\"Click to share on Facebook\" ><span>Facebook<\/span><\/a><\/li><li class=\"share-linkedin\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-linkedin-1583\" class=\"share-linkedin sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=linkedin\" target=\"_blank\" title=\"Click to share on LinkedIn\" ><span>LinkedIn<\/span><\/a><\/li><li class=\"share-twitter\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-twitter-1583\" class=\"share-twitter sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=twitter\" target=\"_blank\" title=\"Click to share on Twitter\" ><span>Twitter<\/span><\/a><\/li><li class=\"share-end\"><\/li><\/ul><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>I got to meet, and share a meal with a most interesting Darren Cassar at FRoSCon\/OpenSQLCamp, who&#8217;s the mastermind behind SecuRich. Some sparse notes, while we await his slides. I think there&#8217;s some great potential here, and SecuRich is exciting and should be given some more love. Designed to work with Sybase and MySQL in [&hellip;]<\/p>\n<div class=\"sharedaddy sd-sharing-enabled\"><div class=\"robots-nocontent sd-block sd-social sd-social-icon-text sd-sharing\"><h3 class=\"sd-title\">Share this:<\/h3><div class=\"sd-content\"><ul><li class=\"share-email\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"\" class=\"share-email sd-button share-icon\" href=\"mailto:?subject=%5BShared%20Post%5D%20SecuRich&body=http%3A%2F%2Fwww.bytebot.net%2Fblog%2Farchives%2F2009%2F08%2F31%2Fsecurich&share=email\" target=\"_blank\" title=\"Click to email a link to a friend\" data-email-share-error-title=\"Do you have email set up?\" data-email-share-error-text=\"If you&#039;re having problems sharing via email, you might not have email set up for your browser. You may need to create a new email yourself.\" data-email-share-nonce=\"39ca82181c\" data-email-share-track-url=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=email\"><span>Email<\/span><\/a><\/li><li class=\"share-facebook\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-facebook-1583\" class=\"share-facebook sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=facebook\" target=\"_blank\" title=\"Click to share on Facebook\" ><span>Facebook<\/span><\/a><\/li><li class=\"share-linkedin\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-linkedin-1583\" class=\"share-linkedin sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=linkedin\" target=\"_blank\" title=\"Click to share on LinkedIn\" ><span>LinkedIn<\/span><\/a><\/li><li class=\"share-twitter\"><a rel=\"nofollow noopener noreferrer\" data-shared=\"sharing-twitter-1583\" class=\"share-twitter sd-button share-icon\" href=\"http:\/\/www.bytebot.net\/blog\/archives\/2009\/08\/31\/securich?share=twitter\" target=\"_blank\" title=\"Click to share on Twitter\" ><span>Twitter<\/span><\/a><\/li><li class=\"share-end\"><\/li><\/ul><\/div><\/div><\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_options":[]},"categories":[23],"tags":[1000,1775,999,1001],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/s4vJD-securich","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":927,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2008\/08\/08\/howto-mysql-connectorc-on-mac-os-x","url_meta":{"origin":1583,"position":0},"title":"HOWTO: MySQL Connector\/C++ on Mac OS X","date":"8\/8\/2008","format":false,"excerpt":"Excited with the release of the MySQL Connector\/C++, I thought I'd get it going on Mac OS X. You'll first hit the problem that Mac OS X doesn't come with CMake. So you'll have to download it from the site - there's a warning there that the .dmg installer only\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2914,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/22\/ubuntu-14-04-some-mysql-ecosystem-notes","url_meta":{"origin":1583,"position":1},"title":"Ubuntu 14.04 &#8211; some MySQL ecosystem notes","date":"22\/4\/2014","format":false,"excerpt":"Following my previous post on the launch, I just rolled Ubuntu 14.04 LTS on an Amazon EC2 t1.micro instance (not something you expect to run a database server on, for sure - 1 vCPU, 0.613GiB RAM). If you do an apt-cache search mysql you get 435 return result sets with\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2262,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2012\/02\/05\/building-simple-complex-replication-clusters-with-tungsten-replicator-by-giuseppe-maxia","url_meta":{"origin":1583,"position":2},"title":"Building simple &#038; complex replication clusters with Tungsten Replicator by Giuseppe Maxia","date":"5\/2\/2012","format":false,"excerpt":"Giuseppe Maxia of Continuent. MySQL replication is single threaded. Multi-master replication is complex with MySQL. Circular replication works but is very fragile. Once you've achieved the feat, how do you avoid conflicts? The lack of global transaction ID today also means you may have slaves that may not be synchronized\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":372,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2006\/02\/21\/one-laptop-per-child","url_meta":{"origin":1583,"position":3},"title":"One Laptop Per Child","date":"21\/2\/2006","format":false,"excerpt":"There was a request to take a gander at the $100 Laptop: One Laptop Per Child (OLPC), and reading Fedora People recently made me want to snap up the opportunity to give it a go. Here are my first impressions on the emulator, known as the OLPC SDK, by Daniel\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3131,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2015\/11\/10\/ubuntu-online-summit-mysql-variants-in-16-04","url_meta":{"origin":1583,"position":4},"title":"Ubuntu Online Summit: MySQL &#038; Variants in 16.04","date":"10\/11\/2015","format":false,"excerpt":"I personally have always enjoyed the Ubuntu Developer Summits (UDS), but nowadays they have been converted to the Ubuntu Online Summits (UOS). Attending them is not always convenient (timezone issues, might be travelling, etc.) so I watched the recorded video of a session I was interested in: MySQL & Variants\u2026","rel":"","context":"In &quot;Distributions&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1456,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2009\/04\/20\/conversations-at-the-mysql-conference","url_meta":{"origin":1583,"position":5},"title":"Conversations at the MySQL Conference","date":"20\/4\/2009","format":false,"excerpt":"Today, for me is day 1 of the MySQL Confernece & Expo 2009. It seems to be going pretty well - and its only 2.45pm. If you follow Planet MySQL, or happen to just have random conversations with people, the main buzz for the day is \"Oracle buying Sun\". But\u2026","rel":"","context":"In &quot;MySQL&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/1583"}],"collection":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/comments?post=1583"}],"version-history":[{"count":3,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/1583\/revisions"}],"predecessor-version":[{"id":1585,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/1583\/revisions\/1585"}],"wp:attachment":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/media?parent=1583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/categories?post=1583"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/tags?post=1583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}