7.2 Ensure Passwords are Not Stored in the Global Configuration - %WINDIR%\my.cnf

Information

The [client] section of the MySQL configuration file allows setting a user and password to be used. Verify the password option is not used in the global configuration file (my.cnf).

Rationale:

Using the password parameter may negatively impact the confidentiality of the user's password.

Solution

Use the mysql_config_editor to store authentication credentials in .mylogin.cnf in encrypted form.

If not possible, use the user-specific options file, .my.cnf., and restricting file access permissions to the user identity.

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|16.4

Plugin: Windows

Control ID: 9ce6a83e96906264182bd3f6e6cf4e0221ae26a0593d2f6b74c927a0147e93d8