NewsBits - Native TLS/SSL could be coming to Redis


Welcome to NewsBits where you'll find the database, security, and developer news from around the net for the week ending April 27th 2018:

Now here's all those bits in full...

Database Bits

Redis and TLS/SSL - Redis has no built-in support for TLS encryption. Getting TLS/SSL has meant using proxies and tunnels, accepting an impact on performance in exchange for secure connections. But in the past week, two things have happened to make it look like that's all going to change.

First, Josiah Carlson, author of Redis in Action, has announced he will be releasing a fork of Redis which incorporates native TLS/SSL support, various performance improvements and transactions for Redis Lua scripts.

Secondly, a pull request has been submitted that brings TLS/SSL support to the Redis tree. @Antirez is looking to merge the code into unstable Redis after review and the release of 5.0 RC1.

MySQL 5.7.22 - In the excitement around MySQL 8 going GA, we forgot to mention MySQL 5.7.22 was also released. The MySQL 5.7.22 release notes cover the changes, which include fixes to InnoDB, replication and more. It also sees backports of MySQL 8 JSON features. This includes renaming the JSON_MERGE() function to JSON_MERGE_PRESERVE() and adding a JSON_MERGE_PATCH() function, JSON_STORAGE_SIZE() for calculating the binary size of a JSON document, and JSON_PRETTY() to pretty print JSON values.

PipelineDB - The PostgreSQL fork for streaming SQL queries, PipelineDB, has been updated to version 0.9.9. This is set to be the last version that is a fork because version 1.0.0 is set to be a PostgreSQL extension. The developers have been busy working on Stride, their realtime analytics as a service product, though, and this has put the extension-isation of PipelineDB a bit behind schedule. That said, the 0.9.9 changes prepare the way for the extension, turning streams into foreign tables and continuous views and transforms into regular PostgreSQL views. There are also performance improvements derived from the experience of running PipelineDB in big Stride instances. 1.0.0 as an extension is expected to arrive before July.

pspg 1.1 - Pspg, the handy results viewer for PostgreSQL and MySQL, has had a small but useful update adding in search history.

Security Bits

SQL Injection Wiki - One of the things database developers need to be aware of is the danger of SQL injection: the subtle corruption of SQL commands to make them do malicious things. The new NetSPI SQL Injection Wiki can be a help with that. It covers how to detect injection points in applications, how commands can be injected and the kinds of commands an attacker may perform. Examples for MySQL, Oracle and SQL Server are included. The site is an editable wiki stored on GitHub for those who wish to contribute.

Developer Bits

Node.js 10.0 - Node.js has reached version 10.0 and it is a big release for the server-side JavaScript platform even though most of the changes are incremental improvements. Big ticket items include: the stabilization of the new interface for native modules (N-API), upgraded cryptographic support which should include TLS 1.3 support by October, better error management over versions, a new V8 engine with boosts to performance, better diagnostics/tracing, and promisified fs functions.

Over the months running up to October, Node.js 10 will be shaken down and, around October, declared a long term support (LTS) version. And as a final reminder, Node.js 4.0 is end-of-life on April 30th (next Monday as of writing), and Node 6 will follow it next April.

Flask 1.0 - After 8 years in the wild, Flask, the lightweight Python web framework, has reached version 1.0. Although stable for some time, this release marks a year of extensive work on the software and its documentation. There's also a security fix to tighten up the handling of incoming JSON.

Flog - When testing applications that analyze log files, getting your hands on log data can be tricky. Flog can help there by creating fake logs in Apache (common, combined or error) and RFC3164 format.

And finally... Will Leinweber is a terrible person in the best possible way. In this tweet he reveals he's written a program which makes it appear he's typing on Slack when anyone else starts typing. And it stops when they stop. His "VGP" is also a great "hello world" for writing a Slackbot in Ruby though.

NewsBits. News in bits, every Friday at Compose.


Dj Walker-Morgan
Dj Walker-Morgan is Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets.