Azure MariaDB database server with SSL connection disabled
ID | mariadb_ssl_enforcement_enabled |
Severity | high |
Vendor | Azure |
Resource | MariaDB Server |
Tags | reachable |
Description
MariaDB should enforce SSL connections.
Azure Database for MariaDB is a relational database service based on the open-source MariaDB Server engine.
It supports connecting to client applications using Secure Sockets Layer (SSL).
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers. The most current version is TLS 1.3, defined in RFC 8446 (August 2018).
According to Microsoft's SSL guidelines, enforcing SSL connections between your database server and your client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and your application.
Enabling sslEnforcement makes sure that SSL is always enabled for accessing your database server.
Examples
ARM
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "apiVersion": "2018-06-01",
      "type": "Microsoft.DBforMariaDB/servers",
      "location": "West Europe",
      "name": "bad", (1)
      "properties": {
        "storageProfile": {
          "storageMB": "5120"
        },
        "sslEnforcement": "Disabled"
      }
    }
  ]
}
1 | MariaDB server does not enforce SSL connections. |
Mitigation / Fix
Buildtime
ARM
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "apiVersion": "2018-06-01",
      "type": "Microsoft.DBforMariaDB/servers",
      "location": "West Europe",
      "name": "good", (1)
      "properties": {
        "storageProfile": {
          "storageMB": "5120"
        },
        "sslEnforcement": "Enabled"
      }
    }
  ]
}
1 | MariaDB server enforces SSL connections. |
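A build-time check for this rule can be run over a template before deployment. The following is an added example, not the scanner's own implementation: the names check_template, _walk and SAMPLE are hypothetical, and reporting a missing or expression-valued sslEnforcement as a finding is an assumption made here rather than behaviour described on this page.

```python
import json

SERVER_TYPE = "microsoft.dbformariadb/servers"  # ARM resource types are case-insensitive

def _walk(resources):
    """Yield every resource, descending into nested child resources."""
    if isinstance(resources, dict):  # symbolic-name templates use an object
        resources = resources.values()
    for res in resources or []:
        if isinstance(res, dict):
            yield res
            yield from _walk(res.get("resources"))

def check_template(template):
    """Return a finding for each MariaDB server not provably enforcing SSL."""
    findings = []
    for res in _walk(template.get("resources")):
        if str(res.get("type", "")).lower() != SERVER_TYPE:
            continue
        value = (res.get("properties") or {}).get("sslEnforcement")
        if value is None:
            status = "missing"      # assumption: absence is reported, not trusted
        elif isinstance(value, str) and value.startswith("["):
            status = "unresolved"   # ARM expression, needs parameter values
        elif str(value).lower() == "enabled":
            continue
        else:
            status = "disabled"
        findings.append({"name": res.get("name"), "status": status})
    return findings

# Constructed sample template (not from a real deployment).
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.DBforMariaDB/servers", "name": "bad",
   "properties": {"sslEnforcement": "Disabled"}},
  {"type": "Microsoft.DBforMariaDB/servers", "name": "good",
   "properties": {"sslEnforcement": "Enabled"}},
  {"type": "Microsoft.DBforMariaDB/servers", "name": "param",
   "properties": {"sslEnforcement": "[parameters('ssl')]"}},
  {"type": "microsoft.dbformariadb/servers", "name": "unset",
   "properties": {"storageProfile": {"storageMB": "5120"}}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "other"}
]}
""")

if __name__ == "__main__":
    for finding in check_template(SAMPLE):
        print(f"{finding['name']}: sslEnforcement {finding['status']}")
```

An "unresolved" finding means the value comes from a template parameter, so the parameter file used for the deployment has to be checked as well.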