MySQL database instances should not have a passwordless default root user

Description

MySQL database instances have the option for NOT having a password for the administrative/root user. This is not recommended; a password should be set to ensure that only authorized users have administrative privileges.

Remediation Steps

Google Cloud Console

• Navigate to Cloud SQL instances.

• Click on the instance name to go to the Overview page.

• Click Users on the left navigation bar.

• For the root user, select Change password from the more actions icon.

• Enter in a password, and click OK.

gcloud CLI

• Set a password for a MySQL instance:

  • gcloud sql users set-password [USER_NAME] [HOST] --instance=[INSTANCE_NAME] - -password=[PASSWORD]

Documentation Links

Runtime

• Creating and managing MySQL users

• CLI: gcloud sql users set-password