
{"id":2778,"date":"2019-03-19T16:01:33","date_gmt":"2019-03-19T15:01:33","guid":{"rendered":"http:\/\/dasini.net\/blog\/?p=2778"},"modified":"2020-05-27T07:58:31","modified_gmt":"2020-05-27T06:58:31","slug":"mysql-security-mysql-enterprise-data-masking-and-de-identification","status":"publish","type":"post","link":"https:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/","title":{"rendered":"MySQL Security &#8211; MySQL Enterprise Data Masking and De-Identification"},"content":{"rendered":"\n<p>When thinking about security within a MySQL installation, you should consider a wide range of possible procedures \/ best practices and how they affect the security of your MySQL server and related applications. MySQL provides many tools \/ features \/ plugins in order to protect your data including some advanced features like <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/10\/mysql-security-mysql-enterprise-transparent-data-encryption\/\" target=\"_blank\">Transparent Data Encryption aka TDE<\/a>, &nbsp;<a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/04\/mysql-security-mysql-enterprise-audit\/\" target=\"_blank\">Audit<\/a>, <a href=\"http:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Data Masking &amp; De-Identification (opens in a new tab)\">Data Masking &amp; De-Identification<\/a>, <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/16\/mysql-security-mysql-enterprise-firewall\/\" target=\"_blank\">Firewall<\/a>, <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/07\/mysql-security-password-management\/\" target=\"_blank\">Password Management<\/a>, <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/\" target=\"_blank\">Password 
Validation Plugin<\/a>, etc&#8230;<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png\" alt=\"MySQL Security\"\/><figcaption><br><\/figcaption><\/figure><\/div>\n\n\n\n<p>In order to mitigate the effects of <strong>data breaches<\/strong>, and therefore the associated <strong>risks for your organization<\/strong>\u2019s brand and reputation, popular regulations or standards including <a rel=\"noreferrer noopener\" href=\"https:\/\/www.eugdpr.org\/\" target=\"_blank\"><strong>GDPR<\/strong><\/a>, <a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Payment_Card_Industry_Data_Security_Standard\" target=\"_blank\"><strong>PCI DSS<\/strong><\/a>, <a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Health_Insurance_Portability_and_Accountability_Act\" target=\"_blank\"><strong>HIPAA<\/strong><\/a>,\u2026 recommend (among other things) <strong>data masking<\/strong> and <strong>de-identification<\/strong>.<\/p>\n\n\n\n<p>According to <a rel=\"noreferrer noopener\" aria-label=\"Wikipedia (opens in a new tab)\" href=\"https:\/\/www.wikipedia.org\/\" target=\"_blank\">Wikipedia<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" aria-label=\"Data masking or data obfuscation (opens in a new tab)\" href=\"https:\/\/en.wikipedia.org\/wiki\/Data_masking\" target=\"_blank\">Data masking or data obfuscation<\/a> is the process of hiding original data with modified content (characters or other data.)<\/li><li><a rel=\"noreferrer noopener\" aria-label=\"De-identification (opens in a new tab)\" href=\"https:\/\/en.wikipedia.org\/wiki\/De-identification\" target=\"_blank\">De-identification<\/a> is the process used to prevent a person&rsquo;s identity from being connected with information. 
For example, data produced during human subject research might be de-identified to preserve research participants&rsquo; privacy.<\/li><\/ul>\n\n\n\n<p>In other words, <a rel=\"noreferrer noopener\" aria-label=\"MySQL Enterprise Data Masking and De-Identification (opens in a new tab)\" href=\"https:\/\/www.mysql.com\/products\/enterprise\/masking.html\" target=\"_blank\">MySQL Enterprise Data Masking and De-Identification<\/a> hides sensitive information by replacing real values with substitutes, protecting sensitive data while the substitutes still look real and consistent.<\/p>\n\n\n\n<p>This is the topic of the eighth episode of this <strong>MySQL&nbsp; Security<\/strong> series (URLs to all the articles at the end of this page).<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">MySQL Enterprise Data Masking and De-Identification<\/h2>\n\n\n\n<p>The simplest way to present this MySQL feature :<br>\u00ab\u00a0<strong>A built-in database solution to help organizations protect sensitive data from unauthorized uses<\/strong>\u00a0\u00bb<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/www.mysql.com\/products\/enterprise\/masking.html\" target=\"_blank\" rel=\"noreferrer noopener\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.mysql.com\/common\/images\/enterprise\/mysql_enterprise_masking.png?ssl=1\" alt=\"\"\/><\/a><figcaption><em>MySQL Enterprise Masking and De-identification protects sensitive data from unauthorized users.<\/em><br><\/figcaption><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Note:<\/p><p>MySQL Enterprise Data Masking and De-Identification is an extension included in MySQL Enterprise Edition, a commercial product.<\/p><p>Available in MySQL 8.0, as of <strong>8.0.13<\/strong> and in MySQL 5.7, as of <strong>5.7.24<\/strong>.<\/p><\/blockquote>\n\n\n\n<p>First step, installation.<\/p>\n\n\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"mce_9\">Installation<\/h3>\n\n\n\n<p><strong>MySQL Enterprise Data Masking and De-Identification<\/strong>, is implemented as a plugin library file containing a plugin and user-defined functions (UDFs). <br>As usual install is easy:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mysql> \nINSTALL PLUGIN data_masking SONAME 'data_masking.so';\nCREATE FUNCTION gen_blacklist RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_dictionary RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_dictionary_drop RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_dictionary_load RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_range RETURNS INTEGER  SONAME 'data_masking.so';\nCREATE FUNCTION gen_rnd_email RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_rnd_pan RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_rnd_ssn RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION gen_rnd_us_phone RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION mask_inner RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION mask_outer RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION mask_pan RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION mask_pan_relaxed RETURNS STRING  SONAME 'data_masking.so';\nCREATE FUNCTION mask_ssn RETURNS STRING  SONAME 'data_masking.so';<\/code><\/pre>\n\n\n\n<p>You can check the activation of the data masking plugin:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mysql> \nSELECT PLUGIN_NAME, PLUGIN_STATUS, PLUGIN_VERSION, PLUGIN_LIBRARY, PLUGIN_DESCRIPTION \nFROM INFORMATION_SCHEMA.PLUGINS \nWHERE PLUGIN_NAME='data_masking'\\G\n*************************** 1. 
row ***************************\n       PLUGIN_NAME: data_masking\n     PLUGIN_STATUS: ACTIVE\n    PLUGIN_VERSION: 0.1\n    PLUGIN_LIBRARY: data_masking.so\nPLUGIN_DESCRIPTION: Data masking facilities<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><u>Note<\/u>:<\/p><p>If the plugin and UDFs are used on a master replication server, install them on all slave servers as well to avoid replication problems.<\/p><\/blockquote>\n\n\n\n<p>Uninstalling is simple as well; uninstall the plugin and drop the UDFs:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mysql>\nUNINSTALL PLUGIN data_masking;\nDROP FUNCTION gen_blacklist;\nDROP FUNCTION gen_dictionary;\nDROP FUNCTION gen_dictionary_drop;\nDROP FUNCTION gen_dictionary_load;\nDROP FUNCTION gen_range;\nDROP FUNCTION gen_rnd_email;\nDROP FUNCTION gen_rnd_pan;\nDROP FUNCTION gen_rnd_ssn;\nDROP FUNCTION gen_rnd_us_phone;\nDROP FUNCTION mask_inner;\nDROP FUNCTION mask_outer;\nDROP FUNCTION mask_pan;\nDROP FUNCTION mask_pan_relaxed;\nDROP FUNCTION mask_ssn;<\/code><\/pre>\n\n\n\n<p>Now we&rsquo;re ready to play!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Data Generation<\/h3>\n\n\n\n<p>One of the nice \u00ab\u00a0side features\u00a0\u00bb of MySQL Data Masking and De-Identification is the ability to generate business-relevant datasets. Because it is not always possible to test\/simulate your application on your real dataset (indeed, playing with customer credit card or social security numbers is a very bad practice), this feature is very convenient.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Generating Random Data with Specific Characteristics<\/h4>\n\n\n\n<p>Several functions are available. 
Their names all start with the same 4 characters, <em><strong>gen_<\/strong><\/em>, and you&rsquo;ll find the complete list <a rel=\"noreferrer noopener\" aria-label=\"here (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-usage.html#data-masking-usage-generation-functions\" target=\"_blank\">here<\/a>.<br>In this article I&rsquo;ll use the following functions :<br><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_gen-range\">gen_range<\/a>() : returns a random integer selected from a given range.<\/li><li> <a rel=\"noreferrer noopener\" aria-label=\"gen_rnd_email (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_gen-rnd-email\" target=\"_blank\">gen_rnd_email<\/a>() : returns a random email address in the example.com domain.<\/li><li> <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_gen-rnd-pan\" target=\"_blank\">gen_rnd_pan<\/a>() : returns a random payment card Primary Account Number.<\/li><li> <a rel=\"noreferrer noopener\" aria-label=\"gen_rnd_us_phone (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_gen-rnd-us-phone\" target=\"_blank\">gen_rnd_us_phone<\/a>() : returns a random U.S. phone number in the 555 area code not used for legitimate numbers.<\/li><\/ul>\n\n\n\n\n\n<h4 class=\"wp-block-heading\">Generating Random Data Using Dictionaries<\/h4>\n\n\n\n<p>Sometimes you will need data of better quality. So another way to generate a relevant dataset is to use dictionaries.<\/p>\n\n\n\n<p>Again several functions are available. 
Their names also start with the same 4 characters, <em><strong>gen_<\/strong><\/em>, and you&rsquo;ll find the complete list <a rel=\"noreferrer noopener\" aria-label=\"here (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-usage.html#data-masking-usage-generation-functions\" target=\"_blank\">here<\/a>.<br>I&rsquo;ll use the following functions :<br><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" aria-label=\"gen_dictionary_load (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_gen-dictionary-load\" target=\"_blank\">gen_dictionary_load<\/a>() : Loads a file into the dictionary registry and assigns the dictionary a name to be used with other functions that require a dictionary name argument.<\/li><li><a rel=\"noreferrer noopener\" aria-label=\"gen_dictionary (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_gen-dictionary\" target=\"_blank\">gen_dictionary<\/a>() : Returns a random term from a dictionary.<\/li><\/ul>\n\n\n\n<p>OK, let&rsquo;s move forward!<br>In order to use data from a dictionary we must first load the data.<\/p>\n\n\n\n<p>A dictionary is a plain text file, with one term per line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ head \/dict\/mq_cities.txt\nBasse-Pointe\nBellefontaine\nCase-Pilote\nDucos\nFonds-Saint-Denis\nFort-de-France\nGrand'Rivi\u00e8re\nGros-Morne\nL'Ajoupa-Bouillon\nLa Trinit\u00e9<\/code><\/pre>\n\n\n\n<p>Then we must load the dictionaries:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><u>Note<\/u>:<\/p><p>The <a rel=\"noreferrer noopener\" aria-label=\"secure_file_priv (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/server-system-variables.html#sysvar_secure_file_priv\" target=\"_blank\">secure_file_priv<\/a> variable must be set properly (usually in your my.cnf or 
my.ini).<\/p><\/blockquote>\n\n\n\n<pre class=\"wp-block-code\"><code>mysql> SHOW VARIABLES LIKE 'secure_file_priv'\\G\n*************************** 1. row ***************************\nVariable_name: secure_file_priv\n        Value: \/dict\/\n1 row in set (0,00 sec)\n\nmysql> SELECT gen_dictionary_load('\/dict\/Firstnames.txt', 'Firstnames')\\G\n*************************** 1. row ***************************\ngen_dictionary_load('\/dict\/Firstnames.txt', 'Firstnames'): Dictionary load success\n1 row in set (0,20 sec)\n\nmysql> SELECT gen_dictionary_load('\/dict\/Lastnames.txt', 'Lastnames')\\G\n*************************** 1. row ***************************\ngen_dictionary_load('\/dict\/Lastnames.txt', 'Lastnames'): Dictionary load success\n1 row in set (0,24 sec)\n\nmysql> SELECT gen_dictionary_load('\/dict\/JobTitles.txt', 'JobTitles')\\G\n*************************** 1. row ***************************\ngen_dictionary_load('\/dict\/JobTitles.txt', 'JobTitles'): Dictionary load success\n1 row in set (0,00 sec)\n\nmysql> SELECT gen_dictionary_load('\/dict\/BirthDates.txt', 'BirthDates')\\G\n*************************** 1. row ***************************\ngen_dictionary_load('\/dict\/BirthDates.txt', 'BirthDates'): Dictionary load success\n1 row in set (0,00 sec)\n\nmysql> SELECT gen_dictionary_load('\/dict\/mq_cities.txt', 'mq_Cities')\\G\n*************************** 1. row ***************************\ngen_dictionary_load('\/dict\/mq_cities.txt', 'mq_Cities'): Dictionary load success\n1 row in set (0,00 sec)<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><u>Note<\/u>:<\/p><p>Dictionaries are not persistent. Any dictionary used by applications must be loaded for each server startup.<\/p><\/blockquote>\n\n\n\n<p>Now I have all my bricks to build my business centric test dataset. 
<br>For example I can generate a random email address:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mysql> SELECT gen_rnd_email();\n+---------------------------+\n| gen_rnd_email()           |\n+---------------------------+\n| rcroe.odditdn@example.com |\n+---------------------------+<\/code><\/pre>\n\n\n\n<p>Or a random city from my dictionary of the cities of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Martinique\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Martinique (opens in a new tab)\">Martinique<\/a> :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mysql> SELECT gen_dictionary('mq_Cities');\n+-------------------------------+\n| gen_dictionary('mq_Cities')   |\n+-------------------------------+\n| Fort-de-France                |\n+-------------------------------+<\/code><\/pre>\n\n\n\n<p>Awesome!<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Now let&rsquo;s use these functions to generate some random but business oriented data.<br>Below our test table called <em>sensitive_data<\/em> which contains&#8230; sensitive data :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>CREATE TABLE sensitive_data(\n    emp_id INT UNSIGNED NOT NULL AUTO_INCREMENT,\n    firstname VARCHAR(100) NOT NULL,\n    lastname VARCHAR(100) NOT NULL,\n    birth_date date,\n    email VARCHAR(100) NOT NULL,\n    phone VARCHAR(20),\n    jobTitle VARCHAR(50),\n    salary INT UNSIGNED,\n    city VARCHAR(30),\n    credit_card CHAR(19),\n    PRIMARY KEY (emp_id))\n;<\/code><\/pre>\n\n\n\n<p>I created a stored procedure (sorry but I&rsquo;m a <a href=\"https:\/\/media.makeameme.org\/created\/keep-calm-and-c7xt5s.jpg\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"DBA (opens in a new tab)\">DBA<\/a>) to fill my table with data. 
However a script in your favorite programming language could be a better choice:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>DELIMITER \/\/\nDROP PROCEDURE IF EXISTS add_rows;\nCREATE PROCEDURE add_rows( IN numRow TINYINT UNSIGNED)\nBEGIN\n    DECLARE cpt TINYINT UNSIGNED DEFAULT 0;\n    WHILE cpt &lt; numRow DO\n        INSERT INTO sensitive_data(firstname, lastname, birth_date, email, phone, jobTitle, salary, city, credit_card)\n        SELECT\n        gen_dictionary('Firstnames'),\n        gen_dictionary('Lastnames'),\n        gen_dictionary('BirthDates'),\n        gen_rnd_email(),\n        gen_rnd_us_phone(),\n        gen_dictionary('JobTitles'),\n        gen_range(30000, 120000),\n        gen_dictionary('mq_Cities'),\n        gen_rnd_pan()\n        FROM DUAL;\n        SET cpt = cpt + 1;\n        SELECT sleep(1);\n    END WHILE;\nEND\/\/\nDELIMITER ;\n\n\n-- Call the procedure and insert 10 rows in the table\nCALL add_rows(10);\n\n\nmysql> SELECT firstname, lastname, phone, salary, city FROM sensitive_data;\n+-----------+-----------+----------------+--------+------------------+\n| firstname | lastname  | phone          | salary | city             |\n+-----------+-----------+----------------+--------+------------------+\n| Fresh     | Daz       | 1-555-381-3165 |  78920 | Ducos            |\n| Doowon    | Vieri     | 1-555-645-3332 |  78742 | Macouba          |\n| Marsja    | Speckmann | 1-555-455-3688 |  56526 | Les Trois-\u00celets  |\n| Carrsten  | Speckmann | 1-555-264-8108 |  51253 | Fort-de-France   |\n| Yonghong  | Marrevee  | 1-555-245-0883 |  86820 | Le Lorrain       |\n| Shuji     | Magliocco | 1-555-628-3771 |  88615 | Le Marin         |\n| Luisa     | Sury      | 1-555-852-7710 | 117957 | Le Morne-Rouge   |\n| Troy      | Zobel     | 1-555-805-0270 |  78801 | Bellefontaine    |\n| Lunjin    | Pettis    | 1-555-065-0517 |  69782 | Le Pr\u00eacheur      |\n| Boriana   | Marletta  | 1-555-062-4226 |  70970 | Saint-Joseph     
|\n+-----------+-----------+----------------+--------+------------------+\n10 rows in set (0,00 sec)<\/code><\/pre>\n\n\n\n<p>It looks like real data, it smells like real data, it sounds like real data but these are not real data. That&rsquo;s what we <a href=\"https:\/\/memegenerator.net\/img\/instances\/58368334\/mission-accomplished.jpg\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"wanted (opens in a new tab)\">wanted<\/a> \ud83d\ude42<\/p>\n\n\n\n\n\n<h3 class=\"wp-block-heading\">Data Masking and De-Identification<\/h3>\n\n\n\n<p>Many masking functions are available. They start with these 5 first characters: <em><strong>mask_<\/strong><\/em> and you&rsquo;ll find the complete list <a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-usage.html#data-masking-usage-masking-functions\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">here<\/a>.<br>I&rsquo;ll use the following functions :<\/p>\n\n\n\n<p><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_mask-inner\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"mask_inner (opens in a new tab)\">mask_inner<\/a>() masks the interior of its string argument, leaving the ends unmasked. Other arguments specify the sizes of the unmasked ends.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT phone, mask_inner(phone, 0, 4) FROM sensitive_data LIMIT 1;\n+----------------+-------------------------+\n| phone          | mask_inner(phone, 0, 4) |\n+----------------+-------------------------+\n| 1-555-381-3165 | XXXXXXXXXX3165          |\n+----------------+-------------------------+<\/code><\/pre>\n\n\n\n<p><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_mask-outer\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"mask_outer (opens in a new tab)\">mask_outer<\/a>() does the reverse, masking the ends of its string argument, leaving the interior unmasked. 
Other arguments specify the sizes of the masked ends.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT birth_date, mask_outer(birth_date, 5, 0) FROM sensitive_data LIMIT 1;\n+------------+------------------------------+\n| birth_date | mask_outer(birth_date, 5, 0) |\n+------------+------------------------------+\n| 1954-06-08 | XXXXX06-08                   |\n+------------+------------------------------+<\/code><\/pre>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\"mask_pan (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_mask-pan\" target=\"_blank\">mask_pan<\/a>() masks all but the last four digits of the number;<br><a rel=\"noreferrer noopener\" aria-label=\"mask_pan_relaxed (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_mask-pan-relaxed\" target=\"_blank\">mask_pan_relaxed<\/a>() is similar but leaves the first six digits, which indicate the payment card issuer, unmasked.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT mask_pan(credit_card), mask_pan_relaxed(credit_card) FROM sensitive_data LIMIT 1;\n+-----------------------+-------------------------------+\n| mask_pan(credit_card) | mask_pan_relaxed(credit_card) |\n+-----------------------+-------------------------------+\n| XXXXXXXXXXXX4416      | 262491XXXXXX4416              |\n+-----------------------+-------------------------------+<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p><u>Note<\/u>:<\/p><p>If you deal with U.S. Social Security Numbers, you could also use the <a rel=\"noreferrer noopener\" aria-label=\"mask_ssn (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html#udf_mask-ssn\" target=\"_blank\">mask_ssn<\/a>() function.<\/p><p>e.g. 
mysql&gt; SELECT mask_ssn(gen_rnd_ssn());<\/p><\/blockquote>\n\n\n\n<p>So how do you mask and de-identify sensitive customer data?<\/p>\n\n\n\n<p><br>There are different strategies. One is to use <a rel=\"noreferrer noopener\" aria-label=\"views (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/views.html\" target=\"_blank\">views<\/a>.<br>Thus you already have a first level of security because you can choose only the columns the business needs and\/or filter the rows. <br>Furthermore you have another level of security because you can control who can access these data with relevant <a rel=\"noreferrer noopener\" aria-label=\"privileges (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/privilege-system.html\" target=\"_blank\">privileges<\/a>, with or without <a rel=\"noreferrer noopener\" aria-label=\"roles (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/roles.html\" target=\"_blank\">roles<\/a>.<\/p>\n\n\n\n<p>Let&rsquo;s see some examples:<\/p>\n\n\n\n<p><u>Ex. 1<br><\/u>Mask the firstname (<em>firstname<\/em>) &amp; the lastname (<em>lastname<\/em>)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>CREATE VIEW v1_mask AS\n  SELECT\n    mask_inner(firstname, 1, 0) AS firstname,\n    mask_outer(lastname, 3, 3) AS lastname,\n    salary\n  FROM sensitive_data;<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT * FROM v1_mask WHERE salary > 100000;\n+-----------+----------+--------+\n| firstname | lastname | salary |\n+-----------+----------+--------+\n| LXXXX     | XXXX     | 117957 |\n+-----------+----------+--------+\n<\/code><\/pre>\n\n\n\n<p><u>Ex. 
2<br><\/u>Mask the credit card number (credit_card)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>CREATE VIEW v2_mask AS\n  SELECT\n    firstname,\n    lastname,\n    email,\n    phone,\n    mask_pan(credit_card) AS credit_card\n  FROM sensitive_data;  <\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT email, phone, credit_card \nFROM v2_mask \nWHERE firstname='Fresh' AND lastname='Daz';\n+---------------------------+----------------+------------------+\n| email                     | phone          | credit_card      |\n+---------------------------+----------------+------------------+\n| bcnnk.wnruava@example.com | 1-555-381-3165 | XXXXXXXXXXXX4416 |\n+---------------------------+----------------+------------------+<\/code><\/pre>\n\n\n\n<p><u>Ex. 3<br><\/u>Replace real values of employee id (<em>emp_id<\/em>) and birth date (<em>birth_date<\/em>) with random ones.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>CREATE VIEW v3_mask AS\n  SELECT\n    gen_range(1, 1000) AS emp_id,\n    FROM_DAYS(gen_range(715000, 731000)) AS birth_date,\n    jobTitle,\n    salary,\n    city \n  FROM sensitive_data;<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT DISTINCT\n    jobTitle,\n    max(salary) OVER w AS Max,\n    min(salary) OVER w AS Min,\n    AVG(salary) OVER w AS Avg\nFROM v3_mask\nWINDOW w AS (\n    PARTITION BY jobTitle\n    ROWS BETWEEN UNBOUNDED PRECEDING AND UNBOUNDED FOLLOWING\n);\n+--------------------+--------+-------+------------+\n| jobTitle           | Max    | Min   | Avg        |\n+--------------------+--------+-------+------------+\n| Assistant Engineer |  78920 | 78920 | 78920.0000 |\n| Engineer           |  88615 | 88615 | 88615.0000 |\n| Manager            |  78801 | 51253 | 65027.0000 |\n| Senior Engineer    |  86820 | 70970 | 78895.0000 |\n| Staff              |  78742 | 69782 | 74262.0000 |\n| Technique Leader   | 117957 | 56526 | 87241.5000 
|\n+--------------------+--------+-------+------------+<\/code><\/pre>\n\n\n\n<p>Et voil\u00e0!<br>In conclusion, <strong>MySQL Enterprise Masking and De-Identification<\/strong> enables organizations to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Meet regulatory requirements and data privacy laws<\/li><li>Significantly reduce the risk of a data breach <\/li><li>Protect confidential information <\/li><\/ul>\n\n\n\n<p>To conclude this conclusion, I recommend reading the <a rel=\"noreferrer noopener\" aria-label=\"Data Masking in MySQL (opens in a new tab)\" href=\"https:\/\/mysqlserverteam.com\/data-masking-in-mysql\/\" target=\"_blank\"><strong>Data Masking in MySQL<\/strong><\/a> blog post from the <a rel=\"noreferrer noopener\" aria-label=\"MySQL Server Blog (opens in a new tab)\" href=\"https:\/\/mysqlserverteam.com\/\" target=\"_blank\">MySQL Server Blog<\/a>.<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">MySQL Enterprise Edition<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.mysql.com\/products\/enterprise\/\" target=\"_blank\" rel=\"noreferrer noopener\">MySQL Enterprise Edition<\/a> includes the most comprehensive set of advanced features, management tools and technical support to achieve the highest levels of MySQL scalability, security, reliability, and uptime.<\/p>\n\n\n\n<p>It reduces the risk, cost, and complexity in developing, deploying, and managing business-critical MySQL applications.<\/p>\n\n\n\n<p><a href=\"https:\/\/edelivery.oracle.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">MySQL Enterprise Edition server&nbsp;Trial Download<\/a>&nbsp;(Note &#8211; Select Product Pack: MySQL Database).<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><a href=\"https:\/\/www.mysql.com\/products\/enterprise\/\" target=\"_blank\" rel=\"noreferrer noopener\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_Enterprise_Edition_600x313.png\" alt=\"MySQL Enterprise 
Edition\"\/><\/a><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">In order to go further<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">MySQL Security Series<\/h3>\n\n\n\n<ol class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/\" target=\"_blank\">Password Validation Plugin<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/07\/mysql-security-password-management\/\" target=\"_blank\">Password Management<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/14\/mysql-security-user-account-locking\/\" target=\"_blank\">User Account Locking<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/29\/mysql-security-the-connection-control-plugins\/\" target=\"_blank\">The Connection-Control Plugins<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/04\/mysql-security-mysql-enterprise-audit\/\" target=\"_blank\">Enterprise Audit<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/10\/mysql-security-mysql-enterprise-transparent-data-encryption\/\" target=\"_blank\">Enterprise Transparent Data Encryption (TDE)<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/16\/mysql-security-mysql-enterprise-firewall\/\" target=\"_blank\">Enterprise Firewall<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/\" target=\"_blank\">Enterprise Data Masking and De-Identification<\/a><\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Reference Manual<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"MySQL Enterprise Data Masking and 
De-Identification (opens in a new tab)\">MySQL Enterprise Data Masking and De-Identification<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\"MySQL Enterprise Data Masking and De-Identification Components (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-components.html\" target=\"_blank\">MySQL Enterprise Data Masking and De-Identification Components<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\"Installing or Uninstalling MySQL Enterprise Data Masking and De-Identification (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-installation.html\" target=\"_blank\">Installing or Uninstalling MySQL Enterprise Data Masking and De-Identification<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\"Using MySQL Enterprise Data Masking and De-Identification (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-usage.html\" target=\"_blank\">Using MySQL Enterprise Data Masking and De-Identification<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\"MySQL Enterprise Data Masking and De-Identification User-Defined Function Reference (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/data-masking-reference.html\" target=\"_blank\">MySQL Enterprise Data Masking and De-Identification User-Defined Function Reference<\/a><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">MySQL Security<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/mysql-security-excerpt\/8.0\/en\/\" target=\"_blank\">Security in MySQL<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/mysql-secure-deployment-guide\/8.0\/en\/\" target=\"_blank\">MySQL 8.0 Secure Deployment Guide<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" 
href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/security.html\" target=\"_blank\">MySQL 8.0 Reference Manual &#8211; Security<\/a><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Blog posts<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" aria-label=\"Exporting Masked and De-Identified Data from MySQL (opens in a new tab)\" href=\"https:\/\/mysqlserverteam.com\/exporting-masked-and-de-identified-data-from-mysql\/\" target=\"_blank\">Exporting Masked and De-Identified Data from MySQL<\/a> <\/li><li><a rel=\"noreferrer noopener\" aria-label=\"Data Masking in MySQL (opens in a new tab)\" href=\"https:\/\/mysqlserverteam.com\/data-masking-in-mysql\/\" target=\"_blank\">Data Masking in MySQL<\/a> <\/li><li><a href=\"https:\/\/medium.com\/@lstigile\/mysql-audit-logging-how-to-avoid-data-overload-e2fc9ee7b029\" target=\"_blank\" aria-label=\"MySQL Audit Logging \u2014 How to Avoid Data Overload (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"aioseop-link\">MySQL Audit Logging \u2014 How to Avoid Data Overload<\/a> <\/li><\/ul>\n\n\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><span style=\"text-decoration: underline;\">MySQL Security Series &#8211; Password Management<\/span><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a aria-label=\"Random Password Generation? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/15\/mysql-security-random-password-generation\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Random Password Generation<\/a><\/li><li><a aria-label=\"Password Expiration Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/21\/mysql-security-password-expiration-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Expiration Policy<\/a><\/li><li><a aria-label=\"Password Reuse Policy? 
(opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/28\/mysql-security-password-reuse-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Reuse Policy<\/a><\/li><li><a aria-label=\"Password Verification-Required Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/05\/mysql-security-password-verification-required-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Verification-Required Policy<\/a><\/li><li><a aria-label=\"Failed-Login Tracking and Temporary Account Locking? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/12\/mysql-security-failed-login-tracking-and-temporary-account-locking\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Failed-Login Tracking and Temporary Account Locking<\/a><\/li><li><a href=\"http:\/\/dasini.net\/blog\/2020\/05\/19\/mysql-security-dual-password-support\/\" target=\"_blank\" aria-label=\"Dual Password Support (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Dual Password Support<\/a><\/li><\/ul>\n\n\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><a rel=\"noreferrer noopener\" href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\" target=\"_blank\" class=\"aioseop-link\"><span style=\"text-decoration: underline;\">Olivier&rsquo;s MySQL Channel<\/span><\/a><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/youtu.be\/k4K-scd4oI0\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Establish a policy for password expiration with MySQL\">Establish a policy for password expiration with MySQL<\/a><\/li><li><a href=\"https:\/\/youtu.be\/VND0KvuX7bc\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Create users with a random password in MySQL\">Create users with a random password in MySQL<\/a><\/li><li><a 
href=\"https:\/\/www.youtube.com\/watch?v=4z6-dlGT-Mc\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Enable restrictions on reuse of previous passwords with MySQL\">Enable restrictions on reuse of previous passwords with MySQL<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=1RwlU14TDWk\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Require MySQL users to provide their current password to change it\">Require MySQL users to provide their current password to change it<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=6HO_ciRbiXw\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Temporary Account Locking in MySQL\">Temporary Account Locking in MySQL<\/a><\/li><\/ul>\n\n\n<\/div><\/div>\n\n\n\n<div style=\"height:75px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\"><strong>Thanks for using MySQL!<\/strong><\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/groups\/12524512\/\" target=\"_blank\" rel=\"noopener\" title=\"Olivier DASINI on Linkedin\">Follow me on Linkedin<\/a><\/p>\n\n\n\n<p>Watch my videos on my <a href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier's MySQL Channel\">YouTube channel<\/a> and <a href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\/?sub_confirmation=1\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Subscribe\">subscribe<\/a>.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/www.slideshare.net\/freshdaz\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier DASINI on Slideshare\">Slideshare account<\/a>.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/speakerdeck.com\/freshdaz\/\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier DASINI on Speaker 
Deck\">Speaker Deck account<\/a>.<\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\"><strong>Thanks for using HeatWave &amp; MySQL!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MySQL Enterprise Data Masking and De-Identification hides sensitive information by replacing real values with substitutes that still look real and consistent, in order to protect sensitive data.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[203,365,339],"tags":[487,486,393,689,383,690,367],"class_list":["post-2778","post","type-post","status-publish","format-standard","hentry","category-mysql-en","category-security","category-tuto-en","tag-data-masking","tag-de-identification","tag-gdpr","tag-hipaa","tag-mysql-enterprise","tag-pci-dss","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9LfWW-IO","jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/2778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/comments?post=2778"}],"version-history":[{"count":60,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/2778\/revisions"}],"predecessor-version":[{"id":3735,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/2778\/revisions\/3735"}],"wp:attachment":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/media?parent=2778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/categories?post=2778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/tags?post=2778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}