POPULARITY
317 episodes with Ravish
10 episodes with Ravish
2 episodes with Ravish
2 episodes with Ravish
2 episodes with Ravish
2 episodes with Ravish
2 episodes with Ravish
4 episodes with Ravish
4 episodes with Ravish
From Lost In Eros – Book 1The Player's Outdoor GamesIn 10 Parts By BradentonLarry. Listen to the Podcast at Explicit Novels.Afterward, they all gradually moved toward the area in front of the maze. Three sides of a large rectangle were marked off by a low hedge only about a foot high. The fourth side was marked by a white line that seemed to be painted onto the grass, and the rectangle was divided into right and left halves by another painted line. On the far right end of the rectangle was a table with holes in it. In most of the holes were short rods, or batons, of different colors, and around each baton was a bracelet of matching coloring. In the left half of the rectangle were several women and one man, who were talking idly. While Don chewed an apple, a man entered the right side of the rectangle and took one of the baton-bracelet sets and walked over to the left half, where he offered the bracelet to one of the women there. She took it from him with a smile, slipped it on to her wrist and then jogged off toward the maze. There were two openings that Don could see, and the woman made for the one on the left. As soon as she got to that opening, she sprinted in, and the man suddenly gave chase.“If he can find her and tag her with the baton, they'll play together,” the Player explained. “If she can get back here without getting tagged, she returns the bracelet. The baton will vibrate, so he knows he's lost his quarry.”“Does that happen often?” Toshia asked. “I mean, she didn't have to accept the bracelet, did she?”“Ah, but it's all about the game and the chase,” the Player smiled. “In the maze, you have to win your playmates.”Don grinned, “I like it.”Amy, Keiko, Natalia, Marissa and Jamie all stepped over the hedge into the left half of the rectangle. Peter, Ilsa and the Player all went to the right. Peter offered his bracelet to Amy, who took her time walking to the maze and only started running when she got there. Peter took off after her. Ilsa chased Marissa, and the Player went after Jamie. Igor was sitting on one of the steps behind them, with no apparent interest in the garden or the maze.Don looked to Toshia, “I think we can walk around the maze. If there's a way out, it makes sense it will be in the outer perimeter, right?”She nodded, and they started off to the left. Don noticed that Shelonda was following along. He smiled at her and said, “You can play with the others.”“I can help you look for a way out,” she said simply, and fell into step with them. “Why do you want to get out of the garden, though? You were trying to find the garden, and we just got here.”“Well, we want to find a way to get home,” Toshia explained.“Don't you live in the Manor, with the rest of us?”“No,” Toshia said, “we're just staying here until we can figure out how to leave.”“Don't you like it here?”“It's not that simple,” Toshia said a bit impatiently.“We like it here, Shelonda,” Don tried. “It's just that there are people who aren't here that we would really like to see.”“Oh. Everybody I know lives here.”Don smiled a little, happy to have answered Shelonda's questions without upsetting her.“I am wondering about something, though,” he said to Toshia as they walked along on the grass with the wall of the Manor on their left and the high hedge of the maze on their right. “If you're right about this being a ‘different world', then is it likely that just finding a way out of this particular place will do the trick?”“It might be a start,” Toshia shrugged.“Ah, yes,” Don pointed. “It does look like there's a space between the corner of the maze and that wall of whatever it is.” It turned out to be an exceptionally dense and thorny wall of a hedge, rising up at least twenty feet, and running parallel with this left side of the maze. The three naked searchers kept walking.At the next corner, they found that there was another clearing at the back of the maze, with another fountain and some padded platforms and benches strewn about. There were two maze entrances on this side, matching the ones on the opposite side. Nobody was back here, though. Don and his companions followed along the high hedge wall on their left, which eventually swept back around run parallel to the right side of the maze. In the end, the trio found themselves back in the area at the front of the maze.Oddly enough, it was Shelonda who said, “Well, that's disappointing.”“Why do you say that, Shelonda?” Don asked.“You won't find the people you want to see.”“Well, we're not giving up,” Don said. “We just need to keep looking somewhere else; maybe in the Manor.”Toshia touched his arm and said, “Thanks, Don.”He smiled at her and said, “But after that long walk, I do think we deserve a bit of play.”Shelonda clearly thought this was a good idea, and Toshia said, “Yeah, that would be good. I wouldn't mind giving this maze game a try.”Don watched as Shelonda went to the left side of the rectangle and Toshia got a baton and bracelet, the latter of which she presented to Shelonda, who took it with a happy smile. As the cute young woman headed for the maze, Don called out, “Be careful, Toshia; the girl's got moves!”“So do I, Don,” she called back with a laugh.When Toshia took off after Shelonda, Don considered his options. He thought he might try both pursuing and being pursued, but would rather start with the first. In what he was now thinking of as the “quarry box”, he could see that Keiko and Natalia were gone, and that Marissa was now back, though there was no sign of Ilsa. There were seven other people there. Given the general mores of the Manor, he was surprised that none of these people were having sex, but seemed to be waiting patiently for someone to come and chase them. Don had no interest in chasing one of the four men, so he considered Marissa and the other three women present. One was a tall, thin woman with long, light blonde hair; another was a bit curvier, with slightly shorter light brown hair shading over to blonde; and the last was a small, very attractive black woman with Asian eyes and straight dark hair falling to her shoulders. Don thought it would be fun to have a threesome with this girl and Shelonda, and then worried if that thought was somehow racist. Still, Don really knew his first choice would be Marissa. He preferred leggy brunettes, and Marissa was certainly that, as well as gorgeous, sexy and, well, she had great tits. He hoped he would be able to hook up with the little black girl later, but he had to start with Marissa.He took the closest baton and bracelet set, and offered the latter to Marissa, who accepted it with a smile that was both friendly and a bit haughty. Don thought to himself that he would enjoy fucking her soon. He watched her legs and ass stroll over to the maze, and as soon as she bolted for the right entrance, he ran after her. Don could cover a short distance very quickly, and this was not a long distance at all. He took the sharp right turn in time to see Marissa at the end of another long straight path, and to see that she was turning to the right at the end of it.Don sprinted at full speed down the path, and threw himself around the corner after his quarry, ignoring the path to the left. He was slowed down by a series of turns and switch backs. If Marissa had gone to the left and he was stuck here, Don would have lost a lot of time on her. Then Don came to a junction where he had to decide between three paths. Two of them seemed to lead back toward the Manor side of the maze, if his sense of direction could be trusted, which it usually could, and the third appeared to double back along the way he'd come. He had thought he'd heard someone running back that way on the other side of the hedge just seconds ago, so he quickly moved into the third path. Several turns and another little sprint carried him out into one of the clearings in the maze.In the middle of this opening was another fountain shooting water straight up into the air. Around this were padded benches, several of which had couples busily copulating on them. On one of these, Jamie was straddling a supine man who was not the Player, riding up and down on him while fondling her own big tits. Don might have been distracted by all of this, except that he also saw Marissa leaving this clearing through the exit directly opposite him. Don sprang forward, stepped up onto the unoccupied bench in front of him, splashed right through the fountain and jumped over a pair of lovers on the other side, splattering them with water as he went over. He thought about apologizing but he heard them laughing, so he just tore after Marissa.He had closed quite a bit of the distance between them now, and was frequently catching glimpses of her backside as they twisted and turned through the maze. There was now no need for Don to wonder about which way to go, because he was able to track her by sight and sound quite easily. When Marissa turned sharply to the left and found herself caught in a dead end, Don almost crashed into her. She made an attempt to slip past him, but he tapped her with his baton on her upper arm. There was a buzzing sound, and Don realized the bracelet was vibrating to let Marissa know that she really had been tagged. She stopped and smiled at him, all friendliness now. Don smiled back and admired her now sweaty body and the rising and falling of her tits as she caught her breath. He needed a moment as well; it had been a vigorous chase.Before she was done breathing heavily, though, Marissa dropped to her knees in front of him, and took his cock into her mouth. Don watched from above, and it wasn't long before his cock was fully hard and he was enjoying seeing this gorgeous woman happily bobbing up and down on his thick shaft. The sensations of her warm, wet mouth moving on him were exquisite. He had assumed that they would go and find one of the clearings and a bench, but he couldn't see anything wrong with this little nook in the maze.Thinking back to the all too brief glimpse of Jamie on that bench, Don gently took his cock out of Marissa's mouth and got on his back in the warm grass. He didn't need to say anything; she promptly straddled him and pushed his cock into her hot, slick, tight cunt. She slid down on him slowly, adjusting to his girth as well as enjoying the sensation. Don couldn't help but admire the view as her statuesque body, covered with a sheen of perspiration, moved on top of him. Her dark eyes were half-closed as she began to move up and down on his cock. Don's hands moved from her hips up to her full tits. She smiled down at him and began to ride him a bit more vigorously. Don used his abs and legs to push himself up into her.“That feels so good, Don!” she breathed in her deep voice. After a while, she began to spend more time on the down strokes, grinding herself against his body. Don moved his hands back to her waist, pushing her down on him and moving her back and forth. He watched as she squeezed her tits, and then ran her hands up over her neck and face, before tossing her head back and concentrating fully on the sensations in her clit and cunt. She was rocking herself against him, as Don worked her back and forth, and moving his cock in and out of her. When she came, she arched backward, thrusting her tits up at the sky, and let out a long, low, quavering moan.Marissa held this position for several moments while the orgasm had its way with her, and then as she came back down. When she was done, she sat up and smiled down at him. Moving on his cock still, she said, “I want you to come for me, Don.”Don grinned and said, “I think that can be arranged. Get up and get on your hands and knees.” As she quickly did so, Don said, “I've been chasing that beautiful ass of yours, and I'd like to get up close to it while fucking you.”She cooed her approval, and waggled her behind at him. He wasted no time and pushed himself deep into her cunt. With his hands on her ass, Don began to fuck in and out of her deeply and steadily. Don saw her right shoulder drop a bit, and then felt her fingertips brushing against him as she played with her clit. He felt himself nearing orgasm, and when she pushed back him and started that low moaning again, he gave in and shot jet after jet of hot cum into her. As his cock spasmed inside her, Don felt Marissa's cunt squeezing him while she came again.Don held still in her until she stopped coming and then slowly pulled out of her. He leaned down and kissed her lower back, and then helped her to her feet. She staggered a bit and leaned on him for support. “Thank you, Don,” she said, “that was wonderful. I will let you catch me sooner next time.”“Where's the fun in that?” Don laughed. “No, forget I said that!”She laughed with him, and they began to find their way out of the maze. They soon came to what Don thought must be the central clearing in the maze. There was a large tree in the center of the circular area, as well as quite a few benches. There were a dozen couples in here, including Toshia and Shelonda who were engaged in a 69 at the base of the tree, Keiko who was lying back on a bench as a man Don didn't recognize went down on her, and Peter with a blonde sitting on his lap moving slowly up and down.Fighting the urge to go over to both Keiko and Toshia and Shelonda, Don continued to walk with Marissa back into the maze. It's probably against the rules, he thought, and I can't go to both anyway, plus it would be rude. They eventually came across Natalia getting well and truly fucked by a strapping young man with longish dark hair right in the middle of a four path intersection. While having a hard time taking his eyes off this sight, Don said, “They need a shortcut out of this place for after you've caught your playmate.”It was Marissa's turn to laugh and say, “Where's the fun in that?”When they finally got out of the maze, Marissa said, “I'm going to go for a quick swim. Care to join me?”“Thank you very much for the offer,” Don smiled, “but I think I'll try one more time in the maze.”He replaced the bracelet and baton he'd taken earlier and then took a place in the “quarry box”. The little black-Asian girl was still there, and she smiled at him. “Did you have fun?” she asked.“Yes, I did, thank you. Hello, I'm Don.”“I'm Nicole,” she moved closer to him. “You're new here, aren't you?”“Yes, I am.”“When did you get here?”“Um, two days ago, I guess.”“Fun, isn't it? I've been here for about a week now.”“Wait, you remember being somewhere else?” Don wished Toshia were here for this.“Yeah; funny how nobody else seems to, isn't it? I'm a college student, pre-med,” she smiled as she shook his hand, a formality that seemed silly and funny in the circumstances.“I'm a history professor,” Don said.“Oh, a hot professor; fun!” she said with a twinkle in her eye.Don laughed, and asked, “Have you found any sign of a way back?”“No, but then I really haven't been looking. I love it here! Back home all I ever did was what people expected of me; my parents, my teachers. I had no social life and hardly any fun at all. I had a bit of sex with boys, and once with my roommate, but frankly most of my sex was with my vibrator. In comparison, this is great! Besides, it's summer break anyway.”“Wait, no it isn't. It's winter, and you don't sound Australian.”“No, I'm from Chicago,” Nicole said. “That is weird, isn't it? I suppose I should be more worried about it, and after another week of this I might start getting homesick, but right now I'm having the time of my life. Speaking of which, ” She abruptly walked over to the batons and bracelets and took a set, returning to offer the bracelet to Don. “, Let's have some fun, Professor.”“Um, Okay, but I definitely want to continue this conversation,” he said as he slipped the bracelet onto his wrist, noticing that it seemed a bit elastic and fit over his hand and onto his wrist rather snugly.“Cool, as long as we do it naked,” she smiled. “Now get going. Make me work for it.”Temporarily setting aside the questions that were suddenly jostling for his attention, Don tried to focus on the game at hand. He thought it made sense for him to use the right entrance again, since he had some familiarity with the path that way. He took off into the maze, and quickly made his way through the twists and turns, sticking to the path Marissa and he had followed, not taking any risks of ending up in a dead end. He almost crashed into Jamie and her partner who were trying to find their way out of the maze. Fortunately Jamie saw the finger Don held to his pursed lips and didn't say, “Hi Don!” At the first clearing, with the fountain where he'd seen Jamie earlier, he made his first deviation from the course he'd run earlier, skirting around the fountain and benches and going into a path to the right. After more twists and turns and a few arbitrary choices, Don came to a small widening of the path, in the middle of which was a little bench, about the size of an ottoman. He thought he was near the far right edge of the maze, about half way in. He had no idea where Nicole was, though she was clearly not right on his heels. Don decided there was no harm in stopping for a bit to catch his breath. After all, with the different paths through the maze, there was always a chance that he would actually run right into Nicole. So, Don sat down on the bench, and tried to listen for sounds of pursuit.After a while, he thought he heard the sound of someone walking on the grass in a nearby path. Then there was the sound of someone running, coming from the direction opposite the one he'd come from. He turned to see Amy running straight for him, being chased by Ilsa, both of them with tits jiggling wildly. He made the same shushing gesture that had worked so well with Jamie, but Amy just laughed and shouted, “Hi Don!” as she rocketed past him. Ilsa laughed as she passed him in the next second.“Fuck!” he said under his breath, and got up from the bench, listening for any sign that Nicole had heard his name. Unfortunately, Amy and Ilsa were still nearby, crashing about and laughing. Don looked down the way he'd came, saw nothing, and then turned to look up the other way, only to see Nicole right there, grinning at him. He jumped a little, but before he could make a break for it, her baton hit him in the chest and his bracelet buzzed.“Gotcha!” she laughed. She dropped the baton on the ground and threw her arms around his neck, smiling broadly. “Ravish me, Professor.”Don chuckled and took her in his arms. Her small tits were pressed against his chest tightly, and his cock was rising between her thighs. He ran his hands over her lower back and squeezed her ass as he lowered his mouth and kissed her. She responded eagerly, pushing her tongue into his mouth and then sucking on his when he returned the favor.Holding on to her cheeks Don lifted her easily off the ground. He turned her around and laid her down on the bench. Breaking their kiss, he stood up and then kneeled between her legs, which she spread eagerly. He bent down, put her legs up on his shoulders and then pushed upward, pulling her forward as he did. Nicole was at an angle with her shoulders, neck and back of her head on the bench, and her legs crossed behind Don's neck. This put her cunt right in front of his mouth. He held her ass up in his hands and began to do as she had asked; ravish her with his mouth and tongue. He sank his long tongue into her exposed cunt, reveling in the sweet taste of her nectar, and then flicked his tongue over her clit. Then Don sucked her clit into his mouth, pulling on it. Nicole squealed and squirmed. Soon Don was lapping steadily at her clit, as his chin pressed against the mouth of her cunt.It didn't take much of this to pull Nicole into a violent, and loud, orgasm. Afterward, Don lowered her and stood up. Nicole, seeing his hard cock standing up in front of him, scooted back on the bench, so that her ass was on it again, and then sat up to grab Don's cock and begin sucking on it. If she hadn't had much experience before she got to the Manor, she had certainly made up for it since. Nicole was bobbing her mouth on him like a pro, while stroking his shaft purposefully. This train of thought gave Don another idea.He pushed her away from his cock, and coaxed her up off the bench. He then lied down on it. She quickly straddled him, with her feet on the grass on either side. She took his cock in hand and, holding it up, managed to get the head into her cunt. Very slowly, she sank down on him. Then, leaning forward a bit, she rested her hands on his chest and began to ride up and down on him. “Umm, this feels so good,” she said with a smile.“So, you've been here a week,” Don said as he rocked his hips to help stimulate her, “what's the wildest thing you've done?”She smiled down at him, “Um, well, it's a toss-up really. I think it was my second day, and I found my way into this big steam room. There were a bunch of guys in there. I was being a little coy, still, but I was really turned on by being the only girl in there with all those naked guys. This guy next to me was looking me over and kind of stroking his cock; not really jerking off, just playing with it; and it was pretty big, so I just leaned over and started sucking him. I felt so slutty, but also incredibly hot. Well, I'm there sucking on this guy and I feel hands on me; all over me. There were at least two guys, playing with my tits and squeezing my ass. I spread my legs so they could get at my cunt. I was sucking on this guy's cock, and other guys I couldn't even really see were fingering me. I came right there, and when I was done, I was on my back on a bench in there, and there was a guy getting ready to fuck me. I could have said something, I'm sure, but I really just wanted to get fucked, so I let them. I let every guy there fuck me. Some of them came inside me and a lot came all over my stomach and tits. I think there were like twelve guys in there, and some of them went twice. I must have come like twenty times.”“Wow; good story,” Don smiled.
Are YouTubers like Ravish Kumar, Ajit Anjum, and others aligning with Congress behind the scenes? Reports suggest that several prominent media personalities might be part of a Congress committee, raising questions about political influence in digital journalism. Meanwhile, Rahul Gandhi faces fresh criticism—what's the latest controversy surrounding him?
djravish.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
Picking up from Part 1, hosts Lois Houston and Nikita Abraham continue their deep dive into MySQL security with MySQL Solution Engineer Ravish Patel. In this episode, they focus on user authentication techniques and tools such as MySQL Enterprise Audit and MySQL Enterprise Firewall. MySQL 8.4 Essentials: https://mylearn.oracle.com/ou/course/mysql-84-essentials/141332/226362 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. -------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead of Editorial Services with Oracle University, and with me is Lois Houston, Director of Innovation Programs. Lois: Hi everyone! Last week, we began exploring MySQL security, covering regulatory compliance and common security threats. Nikita: This week, we're continuing the conversation by digging deeper into MySQL's user authentication methods and taking a closer look at some powerful security tools in the MySQL Enterprise suite. 00:57 Lois: And we're joined once again by Ravish Patel, a MySQL Solution Engineer here at Oracle. Welcome, Ravish! How does user authentication work in MySQL? Ravish: MySQL authenticates users by storing account details in a system database. These accounts are authenticated with three elements, username and hostname commonly separated with an @ sign along with a password. The account identifier has the username and host. The host identifier specifies where the user connects from. It specifies either a DNS hostname or an IP address. You can use a wild card as part of the hostname or IP address if you want to allow this username to connect from a range of hosts. If the host value is just the percent sign wildcard, then that username can connect from any host. Similarly, if you create the user account with an empty host, then the user can connect from any host. 01:55 Lois: Ravish, can MySQL Enterprise Edition integrate with an organization's existing accounts? Ravish: MySQL Enterprise authentication integrates with existing authentication mechanisms in your infrastructure. This enables centralized account management, policies, and authentication based on group membership and assigned corporate roles, and MySQL supports a wide range of authentication plugins. If your organization uses Linux, you might already be familiar with PAM, also known as Pluggable Authentication Module. This is a standard interface in Linux and can be used to authenticate to MySQL. Kerberos is another widely used standard for granting authorization using a centralized service. The FIDO Alliance, short for Fast Identify Online, promotes an interface for passwordless authentication. This includes methods for authenticating with biometrics RUSB security tokens. And MySQL even supports logging into centralized authentication services that use LDAP, including having a dedicated plugin to connect to Windows domains. 03:05 Nikita: So, once users are authenticated, how does MySQL handle user authorization? Ravish: The MySQL privilege system uses the GRANT keyword. This grants some privilege X on some object Y to some user Z, and optionally gives you permission to grant the same privilege to others. These can be global administrative privileges that enable users to perform tasks at the server level, or they can be database-specific privileges that allow users to modify the structure or data within a database. 03:39 Lois: What about database privileges? Ravish: Database privileges can be fine-grained from the largest to the smallest. At the database level, you can permit users to create, alter, and delete whole databases. The same privileges apply at the table, view, index, and stored procedure levels. And in addition, you can control who can execute stored procedures and whether they do so with their own identity or with the privileges of the procedure's owner. For tables, you can control who can select, insert, update, and delete rows in those tables. You can even specify the column level, who can select, insert, and update data in those columns. Now, any privileged system carries with it the risk that you might forget an important password and lock yourself out. In MySQL, if you forget the password to the root account and don't have any other admin-level accounts, you will not be able to administer the MySQL server. 04:39 Nikita: Is there a way around this? Ravish: There is a way around this as long as you have physical access to the server that runs the MySQL process. If you launch the MySQL process with the --skip grant tables option, then MySQL will not load the privilege tables from the system database when it starts. This is clearly a dangerous thing to do, so MySQL also implicitly disables network access when you use that option to prevent users from connecting over the network. When you use this option, any client connection to MySQL succeeds and has root privileges. This means you should control who has shell access to the server during this time and you should restart the server or enable privileged system with the command flush privileges as soon as you have changed the root password. The privileges we have already discussed are built into MySQL and are always available. MySQL also makes use of dynamic privileges, which are privileges that are enabled at runtime and which can be granted once they are enabled. In addition, plugins and components can define privileges that relate to features of those plugins. For example, the enterprise firewall plugin defines the firewall admin privilege and the audit admin privilege is defined by the enterprise audit plugin. 06:04 Are you working towards an Oracle Certification this year? Join us at one of our certification prep live events in the Oracle University Learning Community. Get insider tips from seasoned experts and learn from others who have already taken their certifications. Go to community.oracle.com/ou to jump-start your journey towards certification today! 06:28 Nikita: Welcome back! Ravish, I want to move on to MySQL Enterprise security tools. Could you start with MySQL Enterprise Audit? Ravish: MySQL Enterprise Audit is an extension available in Enterprise Edition that makes it easier to comply with regulations that require observability and control over who does what in your database servers. It provides visibility of connections, authentication, and individual operations. This is a necessary part of compliance with various regulations, including GDPR, NIS2, HIPAA, and so on. You can control who has access to the audited events so that the audits themselves are protected. As well as configuring what you audit, you can also configure rotation policies so that unmonitored audit logs don't fill up your storage space. The configuration can be performed while the server is running with minimal effect on production applications. You don't need to restart the server to enable or disable auditing or to change the filtering options. You can output the audit logs in either XML or JSON format, depending on how you want to perform further searching and processing. If you need it, you can compress the logs to save space and you can encrypt the logs to provide address protection of audited identities and data modifications. The extension is available either as a component or if you prefer, as the legacy plugin. 07:53 Lois: But how does it all work? Ravish: Well, first, as a DBA, you'll enable the audit plugin and attach it to your running server. You can then configure filters to audit your connections and queries and record who does what, when they do it, and so on. Then once the system is up and running, it audits whenever a user authenticates, accesses data, or even when they perform schema changes. The logs are recorded in whatever format that you have configured. You can then monitor the audited events at will with MySQL tools such as Workbench or with any software that can view and manipulate XML or JSON files. You can even configure Enterprise Audit to export the logs to an external Audit Vault, enabling collection, and archiving of audit information from all over your enterprise. In general, you won't audit every action on every server. You can configure filters to control what specific information ends up in the logs. 08:50 Nikita: Why is this sort of filtering necessary, Ravish? Ravish: As a DBA, this enables you to create a custom designed audit process to monitor things that you're really interested in. Rules can be general or very fine grained, which enables you to reduce the overall log size, reduces the performance impact on the database server and underlying storage, makes it easier to process the log file once you've gathered data, and filters are configured with the easily used JSON file format. 09:18 Nikita: So what information is audited? Ravish: You can see who did what, when they did it, what commands they use, and whether they succeeded. You can also see where they connected from, which can be useful when identifying man in the middle attacks or stolen credentials. The log also records any available client information, including software versions and information about the operating system and much more. 09:42 Lois: Can you tell us about MySQL Enterprise Firewall, which I understand is a specific tool to learn and protect the SQL statements that MySQL executes? Ravish: MySQL Enterprise Firewall can be enabled on MySQL Enterprise Edition with a plugin. It uses an allow list to set policies for acceptable queries. You can apply this allow list to either specific accounts or groups. Queries are protected in real time. Every query that executes is verified per server and checked to make sure that it conforms to query structures that are defined in the allow list. This makes it very useful to block SQL injection attacks. Only transactions that match well-formed queries in the allow list are permitted. So any attempt to inject other types of SQL statements are blocked. Not only does it block such statements, but it also sends an alert to the MySQL error log in real time. This gives you visibility on any security gaps in your applications. The Enterprise Firewall has a learning mode during which you can train the firewall to identify the correct sort of query. This makes it easy to create the allow list based on a known good workload that you can create during development before your application goes live. 10:59 Lois: Does MySQL Enterprise Firewall operate seamlessly and transparently with applications? Ravish: Your application simply submits queries as normal and the firewall monitors incoming queries with no application changes required. When you use the Enterprise Firewall, you don't need to change your application. It can submit statements as normal to the MySQL server. This adds an extra layer of protection in your applications without requiring any additional application code so that you can protect against malicious SQL injection attacks. This not only applies to your application, but also to any client that configured user runs. 11:37 Nikita: How does this firewall system work? Ravish: When the application submits a SQL statement, the firewall verifies that the statement is in a form that matches the policy defined in the allow list before it passes to the server for execution. It blocks any statement that is in a form that's outside of policy. In many cases, a badly formed query can only be executed if there is some bug in the application's data validation. You can use the firewall's detection and alerting features to let when it blocks such a query, which will help you quickly detect such bugs, even when the firewall continues to block the malicious queries. 12:14 Lois: Can you take us through some of the encryption and masking features available in MySQL Enterprise Edition? Ravish: Transparent data encryption is a great way to protect against physical security disclosure. If someone gains access to the database files on the file system through a vulnerability of the operating system, or even if you've had a laptop stolen, your data will still be protected. This is called Data at Rest Encryption. It protects not only the data rows in tablespaces, but also other locations that store some version of the data, such as undo logs, redo logs, binary logs and relay logs. It is a strong encryption using the AES 256 algorithm. Once we enable transparent data encryption, it is, of course, transparent to the client software, applications, and users. Applications continue to submit SQL statements, and the encryption and decryptions happen in flight. The application code does not need to change. All data types, table structure, and database names remain the same. It's even transparent to the DBAs. The same data types, table structure, and so on is still how the DBA interacts with the system while creating indexes, views, and procedures. In fact, DBAs don't even need to be in possession of any encryption keys to perform their admin tasks. It is entirely transparent. 13:32 Nikita: What kind of management is required for encryption? Ravish: There is, of course, some key management required at the outside. You must keep the keys safe and put policies in place so that you store and rotate keys effectively, and ensure that you can recover those keys in the event of some disaster. This key management integrates with common standards, including KMIP and KMS. 13:53 Lois: Before we close, I want to ask you about the role of data masking in MySQL. Ravish: Data masking is when we replace some part of the private information with a placeholder. You can mask portions of a string based on the string position using the letter X or some other character. You can also create a table that contains a dictionary of suitable replacement words and use that dictionary to mask values in your data. There are specific functions that work with known formats of data, for example, social security numbers as used in the United States, national insurance numbers from the United Kingdom, and Canadian social insurance numbers. You can also mask various account numbers, such as primary account numbers like credit cards or IBAN numbers as used in the European Bank system. There are also functions to generate random values, which can be useful in test databases. This might be a random number within some range, or an email address, or a compliant credit card number, or social security number. You can also create random information using the dictionary table that contains suitable example values. 14:58 Nikita: Thank you, Ravish, for taking us through MySQL security. We really cannot overstate the importance of this, especially in today's data-driven world. Lois: That's right, Niki. Cyber threats are increasingly sophisticated these days. You really have to be on your toes when it comes to security. If you're interested in learning more about this, the MySQL 8.4 Essentials course on mylearn.oracle.com is a great next step. Nikita: We'd also love to hear your thoughts on our podcast so please feel free to share your comments, suggestions, or questions by emailing us at ou-podcast_ww@oracle.com. That's ou-podcast_ww@oracle.com. In our next episode, we'll journey into the world of MySQL backups. Until then, this is Nikita Abraham… Nikita: And Lois Houston, signing off! 15:51 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
djravish.com djchico.com
djravish.com djchico.com
djravish.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com
Security takes center stage in this episode as Lois Houston and Nikita Abraham are joined by MySQL Solution Engineer Ravish Patel. Together, they explore MySQL's security features, addressing key topics like regulatory compliance. Ravish also shares insights on protecting data through encryption, activity monitoring, and access control to guard against threats like SQL injection and malware. MySQL 8.4 Essentials: https://mylearn.oracle.com/ou/course/mysql-84-essentials/141332/226362 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. --------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me today is Nikita Abraham, Team Lead of Editorial Services. Nikita: Hey everyone! In our last episode, we took a look at MySQL database design. Today is the first of a two-part episode on MySQL security. Lois: In Part 1, we'll discuss how MySQL supports regulatory compliance and how to spot and handle common security risks. 00:55 Nikita: Joining us today is Ravish Patel, a MySQL Solution Engineer at Oracle. Hi Ravish! Let's start by talking about how MySQL supports regulatory compliance. 01:06 Ravish: Some of the most important international regulations that we have surrounding data and organizations include the GDPR, HIPAA, Sarbanes-Oxley, the UK Data Protection Act, and the NIS2. Although each regulatory framework differs in the details, in general, you must be able to comply with certain key requirements and all of which are enabled by MySQL. First, you must be able to monitor user activity on the system, which includes keeping track of when new users are created, when the schema changes, and when backups are taken and used. You must protect data, for example, by ensuring that databases that are stored on disk are encrypted at REST and ensuring that only authorized users have privileges to access and modify the data. You must have the appropriate retention policies in place for your data, ensuring that backups are held securely and used only for the purpose intended. You must be able to audit access to the data so that you can trace which users gained access to records or when they were modified. All of these facilities are available in MySQL, either as part of the core community edition features or made available through enterprise features. 02:21 Lois: What kind of risks might we encounter, Ravish, and how can we address them? Ravish: As your system grows in complexity, you're likely going to have more risks associated with it. Some of those risks are associated with the human factors that come with any computer system. These might be errors that are introduced when people perform work on the system, either administrative work on the environment or database or work that developers and testers perform when working on a changing system. You might even have malicious users trying to exploit the system or good faith users or support staff who make changes without proper consideration or protection from knock-on effects. At the foundation are the necessary components of the system, each of which might be vulnerable to human error or malicious actors. Every piece of the system exposes possible risks, whether that's the application presented to users, the underlying database, the operating system or network that it works on, or processes such as backups that place copies of your data in other locations. More complex environments add more risks. High availability architectures multiply the number of active systems. Consolidating multiple application databases on a single server exposes every database to multiple vectors for bugs and human error. Older, less well supported applications might give more challenges for maintenance. Engaging external contractors might reduce your control over authorized users. And working in the cloud can increase your network footprint and your reliance on external vendors. 03:53 Nikita: What are risks that specifically impact the database? Ravish: The database server configuration might not be optimal. And this can be changed by users with proper access. To mitigate this risk, you might enable version control of the configuration files and ensure that only certain users are authorized. Application and administrator accounts might have more data privileges than required, which adds risk of human error or malicious behavior. To mitigate this, you should ensure that users are only granted necessary permissions. In particular, structural modifications and administrative tasks might be more widely accessible than desired. Not every developer needs full administrative rights on a database. And certainly, an application should not have such privileges. You should limit administrative privileges only to those users who need that authorization. 04:45 Nikita: Okay, quick question, Ravish. How do authentication and password security fit into this picture? Ravish: Authentication is often a weak point. And password security is one of the most common issues in large applications. Ensure that you have strong password policies in place. And consider using authentication mechanisms that don't solely rely on passwords, such as pass-through authentication or multifactor authentication. 05:11 Lois: So, it sounds like auditing operations are a critical part of this process, right? Ravish: When something bad happens, you can only repair it or learn from it if you know exactly what has happened and how. You should ensure that you audit key operations so you can recover from error or malicious actions. If a developer laptop is lost or stolen or someone gains access to an underlying operating system, then your data might become vulnerable. You can mitigate this by encrypting your data in place. This also applies to backups and, where possible, securing the connection between your application and the database to encrypt data in flight. 05:54 Did you know that Oracle University offers free courses on Oracle Cloud Infrastructure? You'll find training on everything from multicloud, database, networking, and security to artificial intelligence and machine learning, all free for our subscribers. So, what are you waiting for? Pick a topic, head over to mylearn.oracle.com and get started. 06:18 Nikita: Welcome back! Before the break, we touched on the importance of auditing. Now, Ravish, what role does encryption play in securing these operations? Ravish: Encryption is only useful if the keys are secure. Make sure to keep your encryption assets secure, perhaps by using a key vault. Every backup that you take contains a copy of your data. If these backups are not kept securely, then you are at risk, just as if your database wasn't secure. So keep your backups encrypted. 06:47 Lois: From what we've covered so far, it's clear that monitoring is essential for database security. Is that right? Ravish: Without monitoring, you can't track what happens on an ongoing basis. For example, you will not be aware of a denial-of-service attack until the application slows down or becomes unavailable. If you implement monitoring, you can identify a compromised user account or unusual query traffic as it happens. A poorly coded application might enable queries that do more than they should. A database firewall can be configured to permit only queries that conform to a specific pattern. 07:24 Nikita: There are so many potential types of attacks out there, right? Could you tell us about some specific ones, like SQL injection and buffer overflow attacks? Ravish: A SQL injection attack is a particular form of attack that modifies a SQL command to inject a different command to the one that was intended by the developer. You can configure an allow list in a database firewall to block such queries and perform a comprehensive input validation inside the application so that such queries cannot be inserted. A buffer overflow attack attempts to input more data than can fit in the appropriate memory location. These are usually possible when there is an unpatched bug in the application or even in the database or operating system software. Validation and the database firewall can catch this sort of attack before it even hits the database. And frequent patching of the platforms can mitigate risks that come from unpatched bugs. Malicious acts from inside the organization might also be possible. So good access control and authorization can prevent this. And monitoring and auditing can detect it if it occurs. 08:33 Lois: What about brute force attacks? How do they work? Ravish: A brute force attack is when someone tries passwords repeatedly until they find the correct one. MySQL can lock out an account if there have been too many incorrect attempts. Someone who has access to the physical network on which the application and database communicate can monitor or eavesdrop that network. However, if you encrypt the communications in flight, perhaps by using TLS or SSL connections, then that communication cannot be monitored. 09:04 Nikita: How do the more common threats like malware, Trojan horses, and ransomware impact database security? Ravish: Malware, ransomware, and Trojan horses can be a problem if they get to the server platforms or if client systems are compromised and have too much permissions. If the account that is compromised has only limited access and if the database is encrypted in place, then you can minimize the risks associated even if such an event occurs. There are also several risks directly associated with people who want to do the harm. So it's vital to protect personal information from any kind of disclosure, particularly sensitive information, such as credit card numbers. Encryption and access control can protect against this. 09:49 Lois: And then there are denial-of-service and spoofing attacks as well, right? How can we prevent those? Ravish: A denial-of-service attack prevents users from accessing the system. You can prevent any single user from performing too many queries by setting resource users limits. And you can limit the total number of connections as well. Sometimes, a user might gain access to a privileged level that is not appropriate. Password protection, multifactor authentication, and proper access control will protect against this. And auditing will help you discover if it has occurred. A spoofing attack is when an attacker intercepts and uses information to authenticate a user. This can be mitigated with strong access control and password policies. An attacker might attempt to modify or delete data or even auditing information. Again, this can be mitigated with tighter access controls and caught with monitoring and auditing. If the attack is successful, you can recover from it easily if you have a strong backup strategy in place. 10:50 Nikita: Ravish, are there any overarching best practices for keeping a database secure? Ravish: The MySQL installation itself should be kept up-to-date. This is the easiest if you install from a package manager on Windows or Linux. Your authentication systems should be kept strong with password policies or additional authentication systems that supplement or replace passwords entirely. Authorization should be kept tightly controlled by minimizing the number of active accounts and ensuring that those accounts have only the minimal privileges. You should control and monitor changes on the system. You can limit such changes with the database firewall and with tight access controls and observe changes with monitoring, auditing, and logging. Data encryption is also necessary to protect data from disclosure. MySQL supports encryption in place with Transparent Data Encryption, also known as TDE, and a variety of encryption functions and features. And you can encrypt data in flight with SSL or TLS. And of course, it's not just about the database itself but how it's used in the wider enterprise. You should ensure that replicas are secure and that your disaster recovery procedures do not open up to additional risks. And keep your backups encrypted. 12:06 Lois: Is there anything else we should keep in mind as part of these best practices? Ravish: The database environment is also worth paying attention to. The operating system and network should be as secure as you can keep them. You should keep your platform software patched so that you are protected from known exploits caused by bugs. If your operating system has hardening guidelines, you should always follow those. And the Center of Internet Security maintains a set of benchmarks with configuration recommendations for many products designed to protect against threats. 12:38 Nikita: And that's a wrap on Part 1! Thank you, Ravish, for guiding us through MySQL's role in ensuring compliance and telling us about the various types of attacks. If you want to dive deeper into these topics, head over to mylearn.oracle.com to explore the MySQL 8.4 Essentials course. Lois: In our next episode, we'll continue to explore how user authentication works in MySQL and look at a few interesting MySQL Enterprise security tools that are available. Until then, this is Lois Houston… Nikita: And Nikita Abraham, signing off! 13:12 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
djravish.com
djravish.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
Big Meltdown on Waqf | Reactions on Bangladesh - Arfa, Zubair, Ravish, Ajit Anjum | Harsh Kumar
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
djravish.com djchico.com
© 2020-2025 Ivy Podcast Discovery LLC
