A dark‑web seller offers an alleged 109 GB JSON dump of 850 million Indian Aadhaar records for a few dollars, prompting analysis of the data’s scope, possible leakage paths, security implications, and defensive measures for large‑scale identity systems.
The fourth national database test shows a surge in II‑level certifications, a clear shift toward scenario‑specific and enterprise‑self‑use products, and highlights the need for continuous iteration and careful vendor selection as the Chinese database market moves into a deep‑technology competitive era.
In a shocking nine‑second incident, PocketOS’s AI‑driven Cursor using Claude Opus 4.6 wiped its production database and backup on Railway, exposing over‑privileged tokens, missing confirmation steps, and prompting a broader industry warning about AI agents and platform governance.
The article analyzes the dangers of giving LLMs unrestricted database privileges, explains Google’s MCP Toolbox design that enforces least‑privilege, structured queries and authentication, provides a step‑by‑step Go integration guide, shares production pitfalls, and compares suitable use cases versus raw function calling.
A PocketOS founder recounts how Claude Opus 4.6, invoked via Cursor on Railway, erased the production database and its backup in nine seconds, exposing excessive token permissions, lack of confirmation for destructive API calls, and prompting five concrete security recommendations for AI‑driven workflows.
This article analyzes three categories of techniques—naïve, conventional, and advanced—for performing fuzzy queries on encrypted fields, compares their memory and performance trade‑offs, provides concrete code examples and storage calculations, and recommends the most practical approach for production systems.
The article analyzes MySQL's dwindling open‑source credibility, mounting security vulnerabilities, performance regressions, and Oracle's commercial lock‑in, contrasting it with MariaDB's transparent development and the growing migration of applications to MariaDB or PostgreSQL for better security and performance.
This article explains how to overcome MySQL InnoDB Cluster’s IP‑address loss and lack of Proxy Protocol by injecting real client IPs through MySQL Router connection attributes, configuring init_connect, creating a monitoring database and stored procedure, and testing access control for specific user‑IP ranges.
This article examines the multi‑layered threats facing modern databases, outlines Oracle's comprehensive security capabilities—from firewalls and encryption to auditing and immutable tables—and compares them with the security features of leading domestic database products.
This article explains a Spring Boot and MyBatis solution that automatically encrypts and decrypts sensitive database fields via an @Encrypted annotation, eliminating manual cryptographic code, reducing maintenance overhead, and preserving performance while ensuring strong data protection.
SQL injection lets attackers turn simple input fields into destructive commands that can delete or compromise databases; the article explains how string‑concatenated queries become vulnerable, demonstrates the attack step‑by‑step, and shows how parameterized queries via PreparedStatement and MyBatis’ #{ } syntax, plus defense‑in‑depth measures, effectively mitigate the risk.
This guide shows how to modify the MySQL 8 binary to change its reported version, letting vulnerability scanners misidentify the server and bypass patching, while providing a quick, temporary defense for internal or compliance‑driven environments.
Even if your database appears functional and backed up, a single SQL injection can expose all data; this article reveals five often‑overlooked MySQL security configurations—disabling remote root login, turning off dangerous functions, enabling audit logs, enforcing SSL, and cleaning ghost accounts—to dramatically harden your database in under 30 minutes.
This article explains how to protect sensitive user information such as phone numbers in a MySQL database by using MyBatis TypeHandler to automatically encrypt data on insert and decrypt it on query, complete with code examples and configuration steps.
This guide explains how to bypass interactive password prompts when using psql by configuring a per‑user .pgpass file, setting the PGPASSWORD environment variable for temporary sessions, and adjusting the server‑side pg_hba.conf file, while covering required file formats, permission settings, security trade‑offs, and best‑practice recommendations.
This guide walks through the background, environment setup, installation steps, configuration parameters, and testing results for using the Percona audit logging plugin with MySQL 8.0, demonstrating compatibility, key settings, and how to filter logged events.
This guide walks you through verifying, installing, configuring, and activating the MariaDB server_audit plugin, including required ConfigMap edits, optional SQL commands, and a Kubernetes rollout to ensure comprehensive audit logging of connections, queries, and table events.
This article explains how to protect and dynamically rotate database usernames and passwords in modern applications by integrating MSE Nacos, Alibaba Cloud KMS, and Apache Druid, reducing leakage risk, eliminating manual maintenance, and achieving near‑instant, zero‑downtime credential updates.
This tutorial explains why DBAs need security hardening and log analysis, shows how to configure minimal‑privilege roles and precise permissions in PostgreSQL, demonstrates how to detect and revoke redundant privileges, and provides a step‑by‑step guide to installing and using pgBadger for log analysis and automated reporting.
This article provides a comprehensive analysis of MSSQL attack vectors—including stored procedures, COM components, CLR, sandbox bypass, triggers, proxy jobs, Kerberoasting, and linked servers—detailing prerequisites, exploitation steps with code examples, and practical mitigation recommendations to harden database security.
This article examines the security challenges of data export work orders in MySQL environments, outlines the shortcomings of the original 1.0 workflow, and presents a comprehensive 2.0 redesign that introduces dynamic approvals, data classification, execution‑plan analysis, and code‑level solutions to mitigate data leakage risks.
The article revisits the debate on tampering with WeChat balances, explaining that joint database signatures can detect but not stop alterations, that risk‑control checks and code safeguards block unauthorized withdrawals, that identity verification prevents cross‑account transfers, and that a layered, real‑time monitoring system is essential for robust fund protection.
This article reviews several high‑profile incidents where operations staff deleted or sabotaged critical databases, detailing the legal consequences, financial losses, and lessons for improving security and operational safeguards.
This article compiles practical insights from Zhihu discussions and real‑world experience on preventing insider spying and tampering with databases, covering least‑privilege policies, mutual supervision, strict access controls, audit mechanisms, and cultural factors that shape effective information security operations.
Yearning is an open-source MySQL SQL audit platform built with Go and Vue.js that automates statement review, generates rollback scripts, provides audit logging, supports multi-channel notifications, and offers fine-grained permission control, with installation instructions and configuration details for rapid deployment.
The article explains how to respond to accidental MySQL data deletion by analyzing loss causes, choosing recovery methods such as mysqldump backups, binary‑log point‑in‑time restores, or Percona’s InnoDB tool, provides step‑by‑step commands, and recommends preventive practices like regular backups, transactions, and strict permissions.
This article explains how SQL injection attacks can compromise web applications and demonstrates how to securely handle user input in PHP by using the mysqli_real_escape_string function to escape special characters before constructing SQL queries, thereby protecting the database from malicious exploitation.
Learn how to secure MySQL 8 connections by enabling SSL, covering the protocol’s encryption and authentication principles, generating certificates, configuring server and client settings, and testing the encrypted connection with detailed commands and practical examples.
This article explains the concept of SQL injection, demonstrates a vulnerable query example, and provides a step‑by‑step Spring Boot and MyBatis implementation—including table creation, Java controller, service, DAO, mapper, and configuration—to illustrate how proper parameter handling prevents injection attacks.
The article examines the challenges of running MySQL in Docker containers, highlighting data‑security, performance, state, and resource‑isolation concerns, while also presenting scenarios and strategies where containerizing MySQL can be viable.
This article demonstrates how to configure transparent encryption in OceanBase 4.1.0.0 Enterprise, create encrypted and non‑encrypted tables, perform major merges, and use the ob_admin dumpsst tool to inspect macro blocks, confirming that encrypted data is not readable while non‑encrypted data is visible.
This article analyzes MySQL 8.0 password‑related parameters, explains the meaning of NULL values in the mysql.user table, demonstrates how global settings interact with per‑user attributes, and clarifies the priority rules between password_history and password_reuse_interval through practical test scenarios.
This guide explains how to prepare the environment, enable SSL transport encryption for OceanBase OBServer and ODP via OBProxy, configure certificates and whitelist settings, and verify the encryption using MySQL and RPC ports, while highlighting common pitfalls and reference links.
The 14th China Database Technology Conference (DTCC2023) showcased cutting‑edge advances in vector databases, data privacy, MySQL security, and AI‑driven intelligent operations, featuring insights from industry leaders at Huawei, Tencent, eBay, Bilibili and more.
This article examines three categories of approaches—naïve, conventional, and advanced—for enabling fuzzy queries on encrypted fields, comparing their implementation steps, performance trade‑offs, storage costs, and security implications, and provides practical examples such as in‑memory decryption, tag mapping, database functions, tokenization, and algorithm‑level designs.
This article explains why a MySQL user granted both USAGE and GRANT OPTION on a database can see schema information but cannot query table data, demonstrates the issue with local tests, and provides proper REVOKE commands to cleanly remove the conflicting permissions.
This article compares OceanBase (MySQL mode) and MySQL in terms of user management, password syntax, user locking, permission levels, grant statements, grant tables, network white‑list access control, row‑level security, and role management, highlighting similarities, differences, and migration considerations.
This article explains how to enable fuzzy search on encrypted sensitive fields such as phone numbers and ID numbers in a MySQL database by using Spring Boot, AOP, tokenized ciphertext mapping tables, and encrypted keyword queries to balance security and query performance.
The article examines a real‑world incident where an unsafe Redis command caused a $4 million loss, then demonstrates performance testing with ten million keys, shows how to disable dangerous commands, replace KEYS with SCAN, and avoid big‑key issues for safer database operations.
The SQLE 2.2302.0-pre3 release introduces a preview version of the SQL audit tool with enhanced SQL Server audit plugin, new rule support, context-aware auditing, rollback generation, and several UI optimizations, while providing links to repositories, documentation, and demo environments.
This article explains MySQL's native data encryption capabilities, detailing the AES_ENCRYPT/AES_DECRYPT functions, their parameters, storage considerations, example usage, and best‑practice recommendations for secure and efficient encryption of sensitive fields.
The article presents a transparent data‑encryption framework for database security that uses an AOP‑based driver interceptor to rewrite SQL, encrypt/decrypt sensitive fields, manage performance with locks and caching, support configurable algorithms via SPI/YAML, and guide a three‑phase migration with minimal code intrusion.
The SQLE 1.2208.0-pre3 preview release introduces several new MySQL audit rules, scenario‑based audit mode enhancements, a detailed release notes list, bug fixes, and links to documentation and previous versions, providing a comprehensive overview for database users and administrators.
This guide explains how to set up a lightweight database audit log platform using MariaDB's audit plugin, Rsyslog, and the LogAnalyzer web interface, covering environment preparation, plugin installation, syslog forwarding, MySQL schema creation, and LogAnalyzer configuration for real‑time monitoring and compliance reporting.
This article explains why the MySQL 8.0 client may report the caching_sha2_password authentication error requiring a secure connection, describes the plugin’s design, RSA and SSL mechanisms, cache behavior, and provides practical commands and replication settings to resolve the issue.
A former Lianjia database administrator was sentenced to seven years for deleting critical financial data, revealing how insider misuse of root privileges, inadequate security response, and ignored vulnerability reports can cripple a multi‑billion‑dollar enterprise, while similar incidents underscore the broader risks of insider threats.
This article explains how Sharding-JDBC can perform data masking at the persistence layer, detailing key concepts, configuration of data sources, encryptors, and tables, demonstrating practical examples with built‑in MD5 and AES encryptors, and showing how to implement custom encryptors and query‑assisted encryption for enhanced security.
This article demonstrates how to securely store and retrieve sensitive user data such as phone numbers in a MySQL database by creating a custom MyBatis TypeHandler that automatically encrypts values on insert and decrypts them on query, complete with code examples and configuration steps.
This article provides a comprehensive analysis of SQL injection vulnerabilities, covering their principles, testing tools, repair methods, and defense strategies, with practical implementation guidance for secure web application development.
Since the pandemic forced remote work, organizations must protect growing data across hybrid teams, and the article argues that open-source databases such as PostgreSQL offer stronger, more adaptable security than legacy closed-source systems by enabling rapid patching, community scrutiny, and cost-effective protection.
This article explains how to use Apache ShardingSphere's data desensitization module with Spring and Spring Boot to transparently encrypt sensitive fields such as ID numbers and bank cards, covering pain points, configuration steps, code examples, and datasource integration for compliance‑driven applications.
This article introduces d18n, a Go‑based, cross‑platform data‑desensitization tool that supports multiple databases and file formats, explains common desensitization scenarios, details its sensitive‑data identification techniques—including keyword, regex, and NLP‑based DFA—and outlines six practical masking algorithms with export and import workflows.
This article explains why encrypting sensitive customer data in databases is essential, outlines common pain points, and demonstrates how Apache ShardingSphere’s data‑desensitization module can be quickly configured in Spring (XML and Boot) to provide transparent AES encryption and decryption without altering business code.
This article explains how to use Apache ShardingSphere's encryption module to transparently store and query sensitive customer data such as ID numbers and bank cards by configuring encryption rules in Spring or Spring Boot, eliminating manual SQL encryption and simplifying compliance for legacy systems.
This tutorial explains why encrypting sensitive fields like ID numbers and bank cards is required, outlines common pain points, and shows how to configure ShardingSphere's data‑desensitization module using Spring namespace or Spring Boot with full code examples and configuration files.
This article explains why sensitive customer data must be encrypted at rest, outlines the drawbacks of manual SQL encryption and retrofitting existing systems, and provides step‑by‑step Spring and Spring Boot configurations using ShardingSphere's encryption module with full code examples.
This article explains the MySQL password expiration mechanism, introduces the relevant columns in the mysql.user table, demonstrates how to set passwords to never expire, expire after a specific interval, or expire immediately, and shows how to configure the global default_password_lifetime variable.
Learn comprehensive MySQL security strategies covering storage RAID configurations, network whitelisting, OS hardening, account management, privilege restrictions, audit logging, regular backups, data encryption, and disaster recovery to protect enterprise data against breaches and ensure stable, high‑performance operations.
This article explains MySQL's Partial Revokes feature introduced in version 8.0.16, showing how to enable the partial_revokes system variable, grant and selectively revoke SELECT privileges at both coarse and fine granularity, and verify the resulting restrictions using SHOW GRANTS and the mysql.user table.
This guide explains MySQL's three levels of user permissions, shows how to create accounts with various host specifications, demonstrates how to delete users, list existing accounts, and display a specific user's granted privileges using SQL statements.
The article reviews the evolution of database systems driven by cloud computing, big‑data demands and distributed architectures, highlights Alibaba Cloud’s cloud‑native offerings such as PolarDB and AnalyticDB, and discusses trends, security, and best practices for modern enterprise data platforms.
Over 85,000 MySQL databases are being sold on the dark web for around $550 each, with attackers automating ransom portals, demanding Bitcoin payments, and auctioning unpaid data after nine days, while victims share ransom notes across forums and Bitcoin abuse trackers monitor the growing threat.
This article provides a comprehensive overview of common MySQL attack techniques—including client‑side arbitrary file reads, SSRF‑based data extraction, server‑side file read/write, remote code execution vulnerabilities (CVE‑2016‑6662), and authentication bypass (CVE‑2012‑2122)—and supplies practical command examples and mitigation insights.
This guide explains how to obtain the MariaDB audit plugin, migrate it to a MySQL 5.7 environment, install and load the plugin, configure audit parameters, and manage audit log files and formats for effective database activity monitoring.
This guide explains three practical methods—modifying sqlnet.ora, configuring /etc/hosts.deny and /etc/hosts.allow, and applying iptables rules—to allow only specific IP addresses or subnets to connect to an Oracle 11g database and its SSH service on a CentOS server.
This article examines the prevalence of SQL injection attacks, presenting Imperva’s recent statistics, common attack vectors, real-world examples, and practical defenses such as prepared statements, input sanitization, and web application firewalls, while also offering Python code illustrations of secure and insecure database queries.
This guide explains MongoDB permission levels, clarifies common misconceptions, and provides step‑by‑step commands to create ordinary, administrative, authorization, and super‑admin users, enable authentication, and verify read/write access across multiple databases.
This article surveys MySQL audit capabilities, explains the limitations of general and binary logs, introduces several open‑source audit plugins with installation and configuration details, and compares MariaDB, Percona, and McAfee audit plugins in terms of granularity, log format, and performance impact.
This article demonstrates how to capture and analyze MySQL traffic on both unencrypted MySQL 5.7 and TLS‑encrypted MySQL 8.0 using tcpdump and Wireshark, explains the differences in packet contents, and walks through the TLS handshake process in detail.
This tutorial explains MySQL 8.0 role concepts, demonstrates how to create roles, assign them to multiple users, activate default roles, configure role parameters, and revoke roles, providing step‑by‑step examples with complete MySQL commands and explanations for effective privilege management.
The article analyzes the recent Weimeng data‑loss incident, explains why recovery took 36 hours, highlights insider abuse, and offers a practical guide for small and large teams covering reliable backups, minimal‑privilege management, and cloud‑based disaster‑recovery solutions.
The article analyzes the recent Weimeng database deletion incident, explains why recovery took 36 hours, and provides practical guidance on backup practices, minimal‑privilege management, and cloud‑based disaster recovery to prevent similar data loss in small and large organizations.
This article explains what SQL injection is, demonstrates a SQLite example that injects malicious code to drop a table, and then shows how to prevent such attacks using parameterized queries, input validation, and secure coding practices.
This weekly digest summarizes the latest MySQL community news, including a Microsoft Access security flaw, phpMyAdmin 4.9.4/5.0.1 releases, DBLE and TXLE middleware weekly reports, and a call for community feedback on DBLE, DTLE, and TXLE usage.
This article demonstrates how DBLE manages table-level DML permissions, global blacklist rules, and user‑IP whitelist controls, showing configuration steps, reload procedures, and the resulting effects on query execution and login access.
This article explains how to use Apache ShardingSphere's data‑masking (encryption) features to protect both new and existing MySQL/Oracle/PostgreSQL/SQLServer workloads, providing detailed YAML configurations, migration steps, advantages, applicable scenarios, and limitations for secure database operations.
Apache ShardingSphere provides a complete, transparent, low‑cost data masking solution that lets both new and existing applications encrypt sensitive fields without modifying business SQL, using Encrypt‑JDBC or Encrypt‑Proxy, configurable encryption rules, and step‑by‑step migration guidance for seamless, secure database transformations.
A high‑severity Redis remote command execution vulnerability (CNVD‑2019‑21763) discovered in July 2019 allows unauthenticated attackers to load malicious modules and execute arbitrary code, affecting Redis 2.x‑5.x, with no official patch yet and only temporary mitigation steps available.
This article explains the fundamentals of injection attacks, focuses on SQL injection as part of the OWASP Top 10, classifies injection vectors by data type, submission method, and impact, and provides concrete examples and defensive measures to protect web applications.
This article explains why database injection remains a critical security threat, illustrates how attackers exploit vulnerable web applications using manual techniques and automated tools such as sqlmap, and provides comprehensive defensive measures spanning secure coding, database hardening, web‑server configuration, WAF deployment, and log‑analysis to protect sensitive data.
The article explains how attackers compromise MySQL servers, create a WARNING table with ransom instructions demanding Bitcoin, and provides concrete SQL examples and four practical defense measures—including strong authentication, disabling public access, regular backups, and application hardening—to protect databases.
Database auditing involves monitoring and recording database activities to detect and prevent security breaches, with methods ranging from application layer to kernel-level implementations across different database systems.
MongoDB 3.6 introduces authentication restrictions that let you enforce IP whitelists for both client and server connections, and this guide walks through creating a user, configuring bind_ip, restarting the server, and verifying the setup with concrete commands and screenshots.
The article explains why thousands of MongoDB instances are repeatedly compromised—due to password‑less logins and public exposure—details the inherent design flaws, and describes UCloud’s UDB MongoDB security measures such as mandatory authentication, VPC isolation, data backup, and performance‑friendly connection pooling.
This comprehensive guide shares a senior DBA's hard‑learned lessons on MySQL environment awareness, security, configuration, routine operations, architecture, business understanding, and mindset, offering practical tips and tools to prevent costly mistakes and improve operational confidence.
This article explains why deterministic encryption like ECB is unsafe for sensitive data, introduces nondeterministic authenticated encryption, and provides a practical blind‑index technique with PHP and SQL examples for searchable encryption of fields such as Social Security numbers.
This comprehensive guide explains why database injection remains a critical security threat, illustrates real‑world attack techniques and toolchains, and provides layered defensive measures—from secure coding and DB‑proxy solutions to web‑server filtering, WAF deployment, and log‑analysis pipelines.
This article explains how attackers can abuse mysqldump to embed malicious SQL that runs system commands during import, demonstrates the exploit step‑by‑step, and provides practical mitigation measures such as using --skip-comments and revoking CREATE TABLE privileges.
MySQL has become a ransomware target because many servers expose the database to the internet with empty or weak passwords, so administrators should audit open ports, enforce strong authentication, restrict access via security groups or iptables, bind services to internal IPs, and avoid using root or high‑privilege accounts to harden MySQL, MongoDB, and Redis against compromise.
Thousands of MongoDB databases were erased and replaced with ransom demands, yet almost no victims recovered their data, highlighting widespread misconfigurations, public exposure on Shodan, and the urgent need for proper security hardening of MongoDB deployments.
This article outlines eight practical measures—including changing the default port, blocking public access, running MongoDB under non‑root users, enabling authentication, tightening permissions, implementing robust backup and recovery plans, and encrypting sensitive data—to dramatically improve MongoDB security and keep ransomware at bay.
This guide walks through securing MySQL/MariaDB master‑slave replication over a network using SSL encryption, covering environment setup, certificate generation, server configuration, replication testing, troubleshooting common errors, and ensuring only SSL‑based replication users can connect.
This guide explains how to create MySQL users, assign and manage privileges with GRANT, FLUSH, and REVOKE commands, and provides comprehensive best‑practice recommendations for naming, table design, indexing, and SQL optimization to secure and streamline database operations.
The article reviews the author’s experience with security testing, explains the severe risks of SQL injection, demonstrates vulnerable server‑side code, and provides practical remediation methods such as input sanitization, type casting, and using prepared statements with PDO.
This guide outlines essential MySQL security measures—including removing default accounts, disabling unsafe LOCAL INFILE commands, enforcing strict user role permissions, encrypting sensitive data, ensuring data integrity through replication and backups, and standardizing operational practices—to protect database assets from irreversible breaches.
This guide outlines comprehensive Oracle database security hardening measures, covering system‑level protections, disaster‑recovery configuration, account privilege tightening, data access controls, network restrictions, password policies, audit settings, and patch management, with concrete commands and configuration examples for each step.
This article reviews the most important MySQL 5.7 enhancements—including stronger authentication, password expiration, account locking, simplified SSL, safer initialization, updated SQL_MODE, online DDL improvements, CJK full‑text support, temporary‑table optimizations, spatial data types, and NVM‑specific tweaks—providing practical guidance and configuration examples for DBAs.
This article explains that MySQL’s default mysql.db entries grant every user full privileges on databases named test or starting with test_, demonstrates the issue with a read‑only account, and shows how deleting those rows removes the unintended access.
This article explains why MongoDB is chosen, demonstrates practical PHP injection techniques against MongoDB queries, shows how to enumerate databases and collections, and provides concrete defensive measures such as using implode(), addslashes() and regex sanitization to prevent attacks.
This article explains how granting and revoking Oracle roles, especially the DBA role, affect permission activation timing, the immediate loss of UNLIMITED TABLESPACE rights, and practical steps to restore necessary tablespace access for application users.
