More Info:
The ‘skip_show_database’ database flag prevents people from using the SHOW DATABASES statement if they do not have the SHOW DATABASES privilege. This can improve security if you have concerns about users being able to see databases belonging to other users. Its effect depends on the SHOW DATABASES privilege: If the variable value is ON, the SHOW DATABASES statement is permitted only to users who have the SHOW DATABASES privilege, and the statement displays all database names. If the value is OFF, SHOW DATABASES is permitted to all users, but displays the names of only those databases for which the user has the SHOW DATABASES or other privilege. This recommendation is applicable to MySQL database instances.
Risk Level
Low
Address
Reliability, Security
Compliance Standards
CISGCP, CBP
Triage and Remediation
Remediation
Using Console
To remediate the MySQL Skip Show Database Flag Should Be On misconfiguration for GCP using GCP console, please follow these steps:
- Go to the Google Cloud Console and select your project.
- In the left-hand menu, select “SQL” under the “Storage” section.
- Select the instance that you want to remediate.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Flags” section and click on the “Add item” button.
- In the “Name” field, enter “skip_show_database”.
- In the “Value” field, enter “ON”.
- Click on the “Save” button at the bottom of the page.
Using CLI
The “skip-show-database” flag in MySQL allows users to prevent the display of the list of all databases when the “SHOW DATABASES” command is executed. However, it is recommended to keep this flag turned off for security reasons.
To remediate this misconfiguration in GCP using GCP CLI, you can follow these steps:
- Open the Cloud Shell in the GCP console.
- Connect to your MySQL instance using the following command:
  Replace INSTANCE_NAME with the name of your MySQL instance.
- Enter your MySQL root password when prompted.
- Execute the following command to edit the MySQL configuration file:
- Find the line that contains “skip-show-database” and comment it out by adding a “#” symbol at the beginning of the line.
- Save the changes by pressing “Ctrl + O” and then “Ctrl + X” to exit the editor.
- Restart the MySQL service using the following command:
- Verify that the “skip-show-database” flag is now turned off by executing the following command:
  The output should be “skip_show_database | OFF”.
Using Python
To remediate the MySQL Skip Show Database Flag misconfiguration in GCP using Python, follow these steps:
- First, connect to the Cloud SQL instance using the Cloud SQL Admin API. You can use the google-auth and google-cloud-sql libraries for this.
- Once you are connected to the instance, execute the following SQL command to set the skip_show_database flag to ON.
- Verify that the flag has been set correctly by executing the following SQL command. This should output a dictionary containing the name and value of the skip_show_database flag.

That’s it! You have successfully remediated the MySQL Skip Show Database Flag misconfiguration in GCP using Python.
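As an added example (not code from the original page), the following Python sketch audits instance records for the skip_show_database flag and builds the request body that would turn it on, following the recommendation at the top of this page. It assumes instance dictionaries shaped like the Cloud SQL Admin API instance resource (databaseVersion, settings.databaseFlags); the function names are hypothetical and the sample inventory is constructed.

```python
# Added example: audit and patch-body builder for the skip_show_database flag.
# Instance dicts mirror the Cloud SQL Admin API instance resource
# (databaseVersion, settings.databaseFlags); the sample data is constructed.

FLAG = "skip_show_database"

def flag_value(instance, name=FLAG):
    """Return the configured value of a database flag, or None if unset."""
    for flag in instance.get("settings", {}).get("databaseFlags", []) or []:
        if flag.get("name") == name:
            return flag.get("value")
    return None

def is_compliant(instance):
    """MySQL instances must have skip_show_database=on; other engines are out of scope."""
    if not instance.get("databaseVersion", "").startswith("MYSQL"):
        return True
    value = flag_value(instance)
    return value is not None and value.lower() == "on"

def build_patch_body(instance):
    """Build an instances.patch body that keeps every existing flag.

    Patching databaseFlags replaces the whole list, so sending only
    skip_show_database would silently drop the other flags.
    """
    kept = [f for f in instance.get("settings", {}).get("databaseFlags", []) or []
            if f.get("name") != FLAG]
    return {"settings": {"databaseFlags": kept + [{"name": FLAG, "value": "on"}]}}

def audit(instances):
    """Return {instance name: patch body} for every non-compliant MySQL instance."""
    return {i["name"]: build_patch_body(i) for i in instances if not is_compliant(i)}

# Constructed sample inventory (not real instances).
SAMPLE = [
    {"name": "orders-db", "databaseVersion": "MYSQL_8_0",
     "settings": {"databaseFlags": [{"name": "local_infile", "value": "off"}]}},
    {"name": "billing-db", "databaseVersion": "MYSQL_8_0",
     "settings": {"databaseFlags": [{"name": "skip_show_database", "value": "on"}]}},
    {"name": "legacy-db", "databaseVersion": "MYSQL_5_7",
     "settings": {"databaseFlags": [{"name": "skip_show_database", "value": "off"}]}},
    {"name": "analytics-pg", "databaseVersion": "POSTGRES_15", "settings": {}},
]

if __name__ == "__main__":
    for name, body in audit(SAMPLE).items():
        print(name, body)
```

Changing database flags can restart the instance, so review the generated bodies before sending them in a patch request.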