SV-235151r638812_rule
V-235151
SRG-APP-000233-DB-000124
MYS8-00-006500
CAT II
10
Check the server documentation and locate security-related database objects and code in a separate database, schema, table, or other separate security domain from the database objects and code implementing application logic.
Schemas, also referred to as databases, are analogous to separate namespaces or containers used to store database objects. Security permissions apply to schemas, making them an important tool for separating and protecting database objects based on access rights. Schemas reduce the work required, and improve the flexibility, for security-related administration of a database. A MySQL schema is a named container for database objects, which allows objects to be grouped into separate namespaces.
Where possible, locate security-related database objects and code in a separate database, schema, or other separate security domain from database objects and code implementing application logic. In all cases, use GRANT, REVOKE, … , DROP ROLE statements to add and remove permissions at the administrative/server level, the schema/database level, and the object level on security-related objects, so that those objects are effectively isolated.
Determine elements of security functionality (lists of permissions, additional authentication information, stored procedures, application specific auditing, etc.) which are being housed inside the MySQL server.
For any elements found, check MySQL to determine if these objects or code implementing security functionality are located in a separate security domain, such as a separate database, schema, or table created specifically for security functionality.
In more generic data terms, a MySQL instance is a single database that contains multiple schemas; MySQL uses the terms database and schema interchangeably.
Run the following query to list all the user-defined schemas.
SELECT `SCHEMATA`.`SCHEMA_NAME`
FROM `information_schema`.`SCHEMATA`
WHERE `SCHEMA_NAME` NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys');
Review the database structure to determine where security-related functionality is stored.
If security-related database objects or code are not kept separate, this is a finding.
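The following is an added example, not text from the STIG, showing one way to satisfy the fix (a separate security schema with access controlled through roles, as the GRANT/REVOKE/role guidance above describes) and to extend the check query so a reviewer can see which schema each table and routine lives in and who holds privileges on the security schema. The schema names app_security and app_data, the roles app_rw and sec_admin, the users webapp and secadmin, and the placeholder passwords are assumptions chosen for illustration; the statements are for MySQL 8.0 and are meant to be run by an administrative account in the mysql client (DELIMITER is a client command).

```sql
-- Added example (not part of the STIG text). Names are assumptions for illustration.
-- Assumed names: schemas app_security / app_data, roles app_rw / sec_admin,
-- users 'webapp'@'%' and 'secadmin'@'localhost'.

-- 1. Separate security domain: security-related objects live in their own schema,
--    application logic lives in another.
CREATE SCHEMA IF NOT EXISTS app_security;
CREATE SCHEMA IF NOT EXISTS app_data;

-- Security administrator that will own (DEFINER) the security routines.
CREATE USER IF NOT EXISTS 'secadmin'@'localhost' IDENTIFIED BY 'change-this-password';

-- Security-related table: application-level permission list.
CREATE TABLE IF NOT EXISTS app_security.app_permissions (
  username   VARCHAR(64) NOT NULL,
  permission VARCHAR(64) NOT NULL,
  PRIMARY KEY (username, permission)
);

-- Security-related routine: the only sanctioned read path into the permission list.
-- SQL SECURITY DEFINER means callers run it with secadmin's rights, not their own,
-- so the application role never needs SELECT on app_security.* itself.
DELIMITER $$
CREATE DEFINER = 'secadmin'@'localhost' PROCEDURE app_security.check_permission(
  IN  p_user    VARCHAR(64),
  IN  p_perm    VARCHAR(64),
  OUT p_allowed TINYINT)
SQL SECURITY DEFINER
BEGIN
  SELECT COUNT(*) > 0 INTO p_allowed
  FROM app_security.app_permissions
  WHERE username = p_user AND permission = p_perm;
END$$
DELIMITER ;

-- 2. Roles: application logic gets data access plus EXECUTE on the security routine,
--    and nothing else on the security schema. Only sec_admin touches app_security directly.
CREATE ROLE IF NOT EXISTS 'app_rw', 'sec_admin';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_data.* TO 'app_rw';
GRANT EXECUTE ON PROCEDURE app_security.check_permission TO 'app_rw';
GRANT ALL PRIVILEGES ON app_security.* TO 'sec_admin';

CREATE USER IF NOT EXISTS 'webapp'@'%' IDENTIFIED BY 'change-this-password-too';
GRANT 'app_rw'    TO 'webapp'@'%';
GRANT 'sec_admin' TO 'secadmin'@'localhost';
SET DEFAULT ROLE ALL TO 'webapp'@'%', 'secadmin'@'localhost';

-- Remediation of a stray direct grant on the security schema, if one exists.
-- IF EXISTS (MySQL 8.0.16+) makes this a no-op instead of an error when nothing was granted.
REVOKE IF EXISTS SELECT ON app_security.* FROM 'webapp'@'%';

-- 3. Check. The STIG's schema listing, then where every user-defined table and
--    routine lives, so the reviewer can confirm security objects sit in app_security only.
SELECT SCHEMA_NAME
FROM information_schema.SCHEMATA
WHERE SCHEMA_NAME NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys');

SELECT TABLE_SCHEMA AS OBJECT_SCHEMA, TABLE_NAME AS OBJECT_NAME, 'TABLE' AS OBJECT_TYPE
FROM information_schema.TABLES
WHERE TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
UNION ALL
SELECT ROUTINE_SCHEMA, ROUTINE_NAME, ROUTINE_TYPE
FROM information_schema.ROUTINES
WHERE ROUTINE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
ORDER BY 1, 3, 2;

-- Who holds schema-level privileges on the security schema? Any grantee other than
-- the security-admin role indicates the separation is not enforced.
SELECT GRANTEE, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE TABLE_SCHEMA = 'app_security';

-- Effective privileges of the application user through its role: expect only
-- app_data.* DML and EXECUTE on app_security.check_permission.
SHOW GRANTS FOR 'webapp'@'%' USING 'app_rw';
```

The last two queries are the ones to keep for recurring review: if a grantee other than the security-admin role appears against app_security, or the application user's effective grants include SELECT/INSERT/UPDATE/DELETE on app_security.*, the security-related objects are reachable from the application's own privilege set and the finding applies even though the objects physically sit in a separate schema.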