MySQL Database server “enforce SSL connection” should be enabled¶
Description¶
MySQL Database server “enforce SSL connection” should be enabled. Enforcing SSL connections between your database server and your client applications helps protect against “man in the middle” attacks by encrypting the data stream between the server and your application.
Remediation Steps¶
Azure Portal¶
Navigate to SQL Servers.
Select the MySQL server.
In the left navigation under Settings, select Connection security.
In SSL settings, select Enable.
Click Save.
Azure CLI¶
To enforce SSL connection on MySQL Database server:
az mysql server update --resource-group <resourceGroupName> --name <serverName> --ssl-enforcement Enabled
Azure Resource Manager¶
Ensure that a Microsoft.DBforMySQL/servers resource contains the following:
{
"properties": {
"sslEnforcement": "Enabled"
}
# other required fields here
}
Example Configuration¶
{
"type": "Microsoft.DBforMySQL/servers",
"apiVersion": "2017-12-01",
"name": "TestServer",
"properties": {
"sslEnforcement": "Enabled"
}
# other required fields here
}
Terraform¶
Ensure that an azurerm_mysql_server resource contains the following:
ssl_enforcement_enabled
= true
Example Configuration¶
resource "azurerm_mysql_server" "example" {
ssl_enforcement_enabled = true
# other required fields here
}