Security

This Monday, September 8th, the Boston MySQL User Group broke our 2-month summer hiatus with a presentation on MySQL Views. The slides can be downloaded from http://www.technocation.org/files/doc/2008_09_Views.pdf -- 89 kB, .pdf format. The 199 Mb .flv file can be downloaded at http://technocation.org/node/621/download or played directly in your browser at http://technocation.org/node/621/play. The presentation covers: * Defining views, changing views, deleting views * Using views for column and row level security * Using views for schema abstraction * Simulating check constraints using views * Performance implications * How to find out which tables are views, and information about views * What a materialized view is, and that MySQL does not have them * What makes a view updateable * Problems with updateable views * How views interact with replication

Christine Peterson of Foresight Nanotech Institute asks, "Open Source Physical Security: Can We Have Both Privacy and Safety?" In this OSCon 2008 keynote, Peterson shows how increased security does not have to require loss of privacy. She introduces the concept (quote taken from that official conference description) of: citizen-controlled, privacy-oriented, verifiably limited open source security devices and procedures focused on obtaining and sharing the minimal data required for communities to satisfy the reasonable concerns of their neighbors regarding the possible presence of specific weapons able to affect them directly. The goal is to use decentralized, open source approaches to address legitimate security concerns without impacting personal privacy in other areas. The project does not require government participation. Stream directly online at http://technocation.org/node/604/play or download the 176 Mb .wmv file at http://technocation.org/node/604/download.

Josh Berkus' "Safe Data is Happy Data" (originally entitled "Lock Up Your Data") goes talks about defense in depth -- going beyond firewalls and other "perimeter defense" mechanisms such as middleware and web server tools. Berkus explains "full-stack security" including preventing SQL injection, data abstraction, database permissions, and even what to do after an attack. Stream directly online at http://technocation.org/node/591/play or download the 346 Mb .wmv file at . From the official OSCon description: "While examples will be based on PHP & PostgreSQL, they should be applicable to other platforms."

At the 2008 MySQL User Conference and Expo, Brian Miezejewski gave a workshop on "Securing MySQL for a Security Audit".

I have already blogged about this keynote at http://www.pythian.com/blogs/948/liveblogging-who-is-the-dick-on-my-site. If you are interested in actually seeing the video, the 286 Mb .wmv file can be downloaded at http://technocation.org/videos/original/mysqlconf2008/2008_04_17_panelDick.wmv and played through your browser by clicking the "play" link here. This is not to be missed!