Always use REQUIRE ad be specific (at least ISSUER maybe SUBJECT)
disable weak cioher
different keys cers for each client and server
Authentication encryption ???
Really delete it.
Lazy deleteiton
InnoDB data files
InnoDB redo logs
Deleted temp files
Binary logs expire_logs_days
Gootle MySQL data deleteion patch
Google encryptong patch - temp file
Deleted data frome
honey tokens are tokens that are never read
facebook account that nobody accesses
Finds trolling
SELinux AppArmro
Network isoaltion
two factor auth
verify database integrtity
Matintina tight access controls
Log everthting
Encrypt everything
No old_password=1
PAM+LDAP, SHA256 in MySQL 5.6
www.sqlhack.com passwd hacker
ASW_ENCRYPT AES DECRTYOS
slow log can show passwords
5.6, INSTALL PLUGIN validate_password SONAME 'validate_password.so'
earlier, pam plugiing
autossh - ssh tunnels
Rate limiting in rsyslogd
ssl encrutpiton cuts tps by half
Connection overhead goes through the roof
use connection pooling
Use ssh tunnel for lots of connect/disconet