commit | 10f5392d57107ebc70b75e40f97b54c34b5bfc78 | [log] [tgz] |
---|---|---|
author | Yavor Yanchev <yavor@yanchev.com> | Mon Jan 18 17:51:22 2016 +0200 |
committer | Yavor Yanchev <yavor@yanchev.com> | Mon Jan 18 17:51:22 2016 +0200 |
tree | c0340d2c5d4b4047c51dd2f31d00cba8c22dfeac | |
parent | 93dd48dbb5590942486115db7a55aa3ac1e84ef3 [diff] |
Additional security for MySQL - it changes the default of sql_mode to include "NO_AUTO_CREATE_USER" - it will prevent the GRANT statement from automatically creating new user accounts unless authentication information is specified.
diff --git a/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql.conf b/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql.conf index 85f55ab..1583b73 100644 --- a/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql.conf +++ b/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql.conf
@@ -15,5 +15,9 @@ bind-address = 0.0.0.0 # skip-networking +#Prevent the GRANT statement from automatically creating new user accounts if it would otherwise do so, +#unless authentication information is specified +sql_mode = NO_AUTO_CREATE_USER + # Custom configuration options ${driver.mySqlServerOptionsString} \ No newline at end of file
diff --git a/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_master.conf b/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_master.conf index 791f2da..54a773b 100644 --- a/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_master.conf +++ b/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_master.conf
@@ -15,6 +15,10 @@ bind-address = 0.0.0.0 # skip-networking +#Prevent the GRANT statement from automatically creating new user accounts if it would otherwise do so, +#unless authentication information is specified +sql_mode = NO_AUTO_CREATE_USER + # Replication config server-id = 1 binlog-format = mixed
diff --git a/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_slave.conf b/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_slave.conf index 1c69423..b4af02a 100644 --- a/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_slave.conf +++ b/brooklyn-library/software/database/src/main/resources/org/apache/brooklyn/entity/database/mysql/mysql_slave.conf
@@ -16,6 +16,10 @@ bind-address = 0.0.0.0 # skip-networking +#Prevent the GRANT statement from automatically creating new user accounts if it would otherwise do so, +#unless authentication information is specified +sql_mode = NO_AUTO_CREATE_USER + # Replication config server-id = ${config["mysql.server_id"]} relay-log = mysql-slave-${config["mysql.server_id"]}-relay