7.3 Ensure Passwords Are Not Stored in the Global Configuration

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The [client] section of the MySQL configuration file allows setting a user and password to be used. Verify the password option is not used in the global configuration file (my.cnf).

Solution

Use the mysql_config_editor to store authentication credentials in .mylogin.cnf in encrypted form. If not possible, use the user-specific options file, .my.cnf., and restricting file access permissions to the user identity.

See Also

https://workbench.cisecurity.org/files/1622