Ensure that your Google Cloud MySQL database instances do not allow anyone to connect with administrative privileges only, without needing a root password. To prevent unauthorized access to your MySQL database instances and follow security best practices, make sure that the administrative user (root by default) has a password set.
By enabling "No Password" setting during MySQL instance creation and choose not to provide an administrative (root) password allows anyone to connect to the MySQL database instance using only Google Cloud administrative privileges. To adhere to security best practices, set a root password to ensure only authorized users have these privileges.
To determine if your MySQL database instances allow anyone to connect with administrative privileges only, without needing a password, perform the following operations:Note: The "No Password" setting is exposed only at the time of MySQL instance creation. Once the instance is created, the Google Cloud Platform (GCP) Console does not expose the setting to confirm whether a password for an administrative user is set to a MySQL instance. Therefore, checking for the existence of the administrative (root) password using GCP Management Console is not supported.
Remediation / Resolution
To configure a password for the administrative (root) user in order to deny MySQL database access to anyone that is trying to connect with administrative privileges, perform the following operations:
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for MySQL
- Creating instances
- Creating and managing MySQL users
- Connecting from external applications
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- MySQL Database Documentation
- 4.5.1 mysql — The MySQL Command-Line Client
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Configure Root Password for MySQL Database Access
Risk level: High