Google sticks anti-SQL injection vaccine into MySQL MariaDB fork
Encryption tables to trip up rogue data
Google is dropping encryption into MariaDB, the fork of Oracle’s MySQL, to help shut out SQL injection attacks.
Mountain View is credited with developing and testing tablespace encryption in MariaDB Server 10.1 - the community edition of MariaDB.
The development has been branded a "major enhancement" for MariaDB security by those running the project, particularly for customers building PCI and other types of applications that need encryption at rest.
Appearing in a MariaDB community edition means Google's crypto will be picked up by commercial and non-commercial spins of the open-source database.
The news of Google’s contribution accompanied today's announcement of the Spring 2015 edition of MariaDB Enterprise. MariaDB Enterprsie Spring 2015 has been expanded to run on Red Hat Enterprise Linux 7.1, SUSE Enterprise Linux Server 12, Ubuntu 14.04 and binaries for IBM’s POWER 8 architecture.
That means Google’s SQL-injection-blocking will be available in MariaDB on three of the industry’s most popular brands of Linux.
SQL injection is one of the most frequently used tools in the hacker’s toolbox. The Open Web Application Security Project (OWASP) consistently ranks injection flaws as number one or two in its annual top-ten list of attack methods.
Google’s code shows up in the MariaDB database firewall filter. It will debut in the upcoming community MariaDB Server 10.1 and follow in a later version of MariaDB Enterprise Server that's based on community server.
Google, of course, is a MySQL convert to MariaDB. Last year it dumped MySQL 5.1 for MariaDB 10. The slide towards MariaDB and out of the Oracle orbit was first reported here by The Reg as the internet's largest flinger of ads began committing engineers to the project.
MariaDB Enterprsie Spring 2015 comprises a broad push by Maria Corporation and Foundation to button down the non-Oracle spin of MySQL as a credible platform for mobile and cloud.
Other changes include server binaries optimized to operate at 15 per cent faster than before and enhanced scalability using schema-based sharding and a binlog router – a feature developed with MariaDB user Booking.com.
The community edition of Maria Server, 10.1, will also see a range of features that feed upwards into Enterprise Edition. These include Galera Cluster 4.0 and enhancements to the InnoDB transaction engine. ®