MySQL Preacher » securich

Securich 0.3.0

Darren Cassar — Thu, 19 Aug 2010 21:59:19 +0000

Around these days last year I presented `securich` for the first time. It was at froscon 2009, barely knowing anybody, spending my 27th birthday in a hostel in Germany fixing some bugs before the actual presentation on a 10 inch netbook (my mac had some problems at the time but thats another story :)). I got a beating, verbally of course! Many of the people listening to the presentation were expecting something else since another presentation was supposed to be running at that time, some even started dozing off (encouraging? not really hehe) but after a few minutes people started getting interested and asking all kind of questions. “This awesome” I thought to myself, “questions are good, it means people are understanding and want to know more”, but the more they learnt the more they realised how young securich was as a tool, lacking fundamental features like reverse reconciling securich with mysql rather than the other way round, bugs cropping up (Giuseppe aka datacharmer made sure he found some on the fly :P) but oh well back then it was just four months old.

Now after a year and four months into it, Securich is still in Beta but MANY MANY more features were included, bugs fixed (others created) and it even made it through two sessions at the Oreilly MySQL Conference and Expo 2010 and two mysql university sessions.

The end points here are:
1. Share your knowledge and code with the community, we learn, you learn!
2. When you fall to the ground, climb back up and get on your feet again. Start running!
3. Securich is now at version 0.3.0 (10th official release), help yourself at google code your feedback is greatly appreciated!

Most of the new release is bug fixes but some of the features added in this version are:
1. Any user can now install securich not just mysql root
2. You can now grant privileges on the mysql db (by default still disabled as it runs in “strict” mode which needs to be changed to “lenient” manually)
3. The installation script now keeps the securich package intact for further many installations
4. Better error reporting (for debugging purposes)
5. Grants on tables using regexp are now case sensitive

Securich – 0.1.4

Darren Cassar — Mon, 10 Aug 2009 16:29:19 +0000

Just a small note to advise that Securich reached 0.1.4.
Some new tools include:
* Added Password complexity
* Enhanced `set_password` – Old password is now necessary to replace it by a new one
* Enhanced Revoke privileges to accept regexp
* Added Block user@hostname on a database level
* Added Creation of reserved usernames
* Added Help stored procedure displays help for each stored proc
* Enhanced `create_update_role` to include the removal of privilages from roles
* Enhanced `grant_priveleges` on `alltables` for a database without tables would terminate with an error instead of gracefully (now fixed)
* Added Restore user@hostname on a database level
* Removed ‘show warnings’ from sql installation

The database design using workbench is also available in the db folder (for easier understanding of what lies beneath.

Cheers,
Darren

Security – Roles and Password Expiry on MySQL using SECURICH

Darren Cassar — Thu, 11 Jun 2009 09:23:56 +0000

Lately there has been quite some talk about security on MySQL, and I’ve decided to GPL a package I wrote, implmenting Roles on MySQL.
This technology has been available on other databases for quite some time, but hasn’t quite yet made it to MySQL’s feature list and apart from this tool, the only solution I know of is google’s patches for MySQL 5.0.

The name is SECURICH and downloads as well as documentation are available at http://www.securich.com/. The bug list is available at here. Privileges can be granted on a database or table level with a few combinations like:
1. database as one,
2. all tables in database (useful when you need to grant a bunch of privileges to all tables but a few thus revoking the few later),
3. single tables,
4. stored procedure or
5. tables through the use of regular expression.

The user has the facility to create a role and update it on the fly thus propagating the changes onto already existing users having the role in question. There are also loads of other functionalities available and I urge you to check the documentation on http://www.securich.com/.

A cool feature I like is password history which enables dbas to enforce changing of passwords after a certain period of time.

Features like block user and unblock user as well as many other functionalities are being developed and more features will be added as time goes by.

I would greatly appreciate your feedback about what you think of the package, features you might wish to include etc (feature requests should be done through http://www.securich.com/mantis/ as well.)