June 2012 - Training for MySQL, Security Review, Subqueries

Hi Visitor, and welcome to the June 2012 issue of the Open Query Newsletter.

In this issue:

  • short news
  • protecting your customer information responsibly
  • remote services extended with Security Review
  • training schedule
  • events
  • tip: subquery performance in MariaDB 5.3

 

Short News

Some of our clients are already acquainted with Daniel Black, an experienced system and database administrator who joined us late last year. Daniel (like Lyndon) has particular expertise in the area of security, an important topic for anyone but particularly with externally facing systems.

 

Protecting Your Customer Information Responsibly

We all like to think that we look after our customers, but are we looking after their information well enough? Customers can get upset and blame you (or online service providers generically, and you by implication) once they have suffered identity theft or are simply spammed on an email address they have rarely used. Privacy policies are pretty easy to come by, but unless they match reality they are a deception that you'll eventually get caught out on.

The Australian Privacy Amendment (Enhancing Privacy Protection) Bill 2012[1] is giving the Privacy Commissioner significant powers to enforce the Privacy Act, which already applies to many classes of private sector organisations[2]. Getting caught out is like an emergency, and you know how we feel about those.

Also interesting in the privacy bill is Australian Privacy Principle #2, which provides that individuals must have the option of dealing with an organisation anonymously or through use of a pseudonym in relation to a particular matter. This can be a particularly useful way for your customers to select a level of protection that places a low burden on yourself. Similarly, business design aspects such as collecting as little information as possible and limiting retention of data will enable your business to avoid the consequences of serious breaches. Simple things like salted passwords will significantly reduce the consequences of any password database breach for other services where the customer may use the same password.

Our existing proactive support already ensures that you have a backup and recovery plan that keeps your company safe. Our security review services help ensure that you understand what risks you are taking and, if these aren't acceptable, what actions can be taken to reduce risk and protect your business and your customer data.

There are steps that can apply at management level like:

  • keeping a risk register;
  • ensuring proper change control;
  • security evaluation of new products and services;
  • evaluating customer information and access control to balance usability and security; and
  • preparing for a breach[3].

At a technical level we can provide advice and implementation on:

  • system architecture;
  • authentication and access control;
  • operating system, web application and database privileges; and
  • web application assessment based on OWASP standards.

How you treat the security of your customers' information can have a very positive effect long term.

[1] http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r4813
[2] http://privacy.gov.au/materials/types/infosheets/view/6544
[3] http://www.oaic.gov.au/publications/guidelines/privacy_guidance/Data_breach_notification_guide_April2012FINAL.pdf

 

Security Review

With this packaged 10-hour ad-hoc consulting arrangement we can help you to mitigate specific threats, e.g. "I don't want my email database stolen", or advise you on your current security status, e.g. "Am I susceptible to any of the OWASP Top 10 vulnerabilities?".

See http://openquery.com/services/security for more details and pricing.

 

Upcoming Training Schedule

We currently have DBA course days scheduled in Sydney and Canberra. MariaDB and related enhancements are of course covered. You can register for Open Query course days/modules individually, to suit your time, budget and current needs. Your trainers for these days are Daniel and Arjen.

If you sign up early for all three DBA days in a city, you will receive a copy of Arjen's "High Performance MySQL" book. Secure your seat today!

Sydney

Canberra

For bookings and questions, contact us today! All prices excluding GST.

 

Upcoming Events

  • Hobart TAS Australia 17-18 Aug 2012: PyCon Australia 2012, the national conference for users of the Python programming language. No specific sessions, but you can meet up with our engineer Daniel Black.
  • Cairns QLD Australia, 2-5 Oct 2012: SAGE-AU 2012, the annual conference of the Australian System Administrators' Guild. Arjen will be teaching a tutorial "MySQL Administration and Tuning Treasures".

 

Tip

MariaDB 5.3 quietly delivers what many of us have been asking for: subqueries that actually complete today. That might be a slight exaggeration, but it's generally known that the subquery capabilities introduced in MySQL 4.1 were not optimised, which is a nice way of saying that the development work was never properly completed. I hasten to say that was not the developers' fault: commercial factors at MySQL AB at the time saw the tickbox "subqueries" and then raced on to the next milestone (5.0 with stored procedures, for which we could tell a similar story). In any case, the same developers now work for Monty at Monty Program and have finished what they started, and the results are good! When you now run a subquery, it will perform well.

 

Until next time!

Feedback welcome through http://openquery.com/contact
You can also access this issue online: http://openquery.com.au/newsletter/2012-06, other issues can be viewed at http://openquery.com.au/category/newsletter/open-query-newsletter-2014news1l6

 

-- the OQ team

We aim to keep our newsletter in plain text, apart from links. If you're reading the Open Query Newsletter online or received it via someone else, you can subscribe for your own copy through http://openquery.com/user/register and http://openquery.com.au/newsletter/confirm/add/