Risk Level: LOW
Description:
This plugin guarantees that SSL connections are enforced on MySQL servers. To ensure that all data is secured in transit, MySQL servers should be configured to use SSL for data transfer. Secure Sockets Layer (SSL) is supported for connecting your Azure Database for MySQL server to client apps (SSL).
PingSafe strongly recommends ensuring the connection security of each Azure Database for MySQL is configured to enforce SSL connections.
About the Service :
Azure Database for MySQL is a Microsoft cloud-based relational database service based on the MySQL Community Edition. It's a fully managed, production-ready database service that gives you greater granular control and flexibility over database administration operations and settings. Azure Database for MySQL has a wealth of features that need little to no management and are all given at no extra charge.
Impact :
Secure Sockets Layer (SSL) is supported for connecting your Azure Database for MySQL server to client apps (SSL). By encrypting the data stream between the server and your application, SSL connections between your database server and your client apps help defend against "man in the middle" attacks.
Steps to reproduce :
- Sign in to your Azure portal with your Azure account.
https://portal.azure.com/#home - Navigate to Azure’s All Resources.
- In the Type filter select the value as MySQL Servers and click Apply.
- Next, select the database under MySQL Databases that you want to examine.
- Click on Connection Security under Settings.
- Check if Enforce SSL connection is Enabled or not.
- Repeat the same steps for other servers as well.
Steps for remediation :
- Sign in to your Azure portal with your Azure account.
https://portal.azure.com/#home - Navigate to Azure’s All Resources.
- In the Type filter select the value as MySQL Servers and click Apply.
- Next, select the database under MySQL Databases that you want to examine.
- Click on Connection Security under Settings.
- Check if Enforce SSL connection is Enabled or not.
- If it is Disabled, click on Enable and Apply.
- Repeat the same steps for other servers as well.
References :
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support