7.2 Ensure Passwords are Not Stored in the Global Configuration

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The [client] section of the MariaDB configuration file allows setting a user and password to be used. Verify the password option is not used in the global configuration file (mariadb.cnf).


Using the password parameter may negatively impact the confidentiality of the user's password.


The global configuration is by default readable for all users on the system. This is needed for global defaults (prompt, port, socket, etc.). If a password is present in this file then all users on the system may be able to access it.


Use the user-specific options file, .mariadb.cnf., and restricting file access permissions to the user identity.

See Also