CUI

Documentation - V-235096

V-235096

Oracle MySQL 8.0 Security Technical Implementation Guide

CAT II

Title

MySQL Database Server 8.0 must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

Description

Database management includes the ability to control the number of users and user sessions utilizing a Database Management System (DBMS). Unlimited concurrent connections to the DBMS could allow a successful Denial of Service (DoS) attack by exhausting connection resources; and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks. This requirement addresses concurrent sessi...

Fix Text (Documentation Requirement)

The MySQL Database Server 8.0 is capable of enforcing this restriction. If not configured to do so, configure it to do so.

Connect to the MySQL Database as an administrator.

To set the global default to 50:

    SET PERSIST max_user_connections=50;

Additionally, max user connections can be set per user as well as for a given period of time. In MySQL 8.0 these per-account limits are set with ALTER USER rather than in the GRANT statement:

    GRANT ALL ON customer.* TO 'francis'@'localhost';
    ALTER USER 'francis'@'localhost' WITH MAX_CONNECTIONS_PER_HOUR 5 MAX_USER_CONNECTIONS 2;
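
The audit queries below are an added example, not part of the STIG text. They report the global default, list accounts whose effective session limit is unlimited or above the organization-defined number (50 is assumed here, matching the global default in the fix text), and show current sessions per user.

```sql
-- Added example (not from the STIG). Run as an administrator.
-- Assumption: 50 is the organization-defined maximum; substitute your own value.

-- 1. Global default. A value of 0 means "no limit" for every account
--    that has no per-account MAX_USER_CONNECTIONS of its own.
SELECT @@GLOBAL.max_user_connections AS global_default;

-- 2. Effective limit per account. A nonzero per-account value takes
--    precedence; otherwise the global default applies. Rows returned
--    here are accounts that are unlimited or exceed the assumed maximum.
SELECT *
FROM (
    SELECT user,
           host,
           account_locked,
           max_user_connections AS account_limit,
           CASE
               WHEN max_user_connections > 0 THEN max_user_connections
               ELSE @@GLOBAL.max_user_connections
           END AS effective_limit
    FROM mysql.user
) AS limits
WHERE effective_limit = 0      -- unlimited
   OR effective_limit > 50     -- above the assumed organization-defined number
ORDER BY user, host;

-- 3. Sessions currently open, grouped by user name and client host,
--    to compare against the limits above.
SELECT USER, HOST, CURRENT_CONNECTIONS
FROM performance_schema.accounts
WHERE USER IS NOT NULL
ORDER BY CURRENT_CONNECTIONS DESC;

-- 4. Confirm the persisted setting survives a restart.
SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM performance_schema.persisted_variables
WHERE VARIABLE_NAME = 'max_user_connections';
```

Locked accounts and roles also appear in mysql.user; the account_locked column lets a reviewer separate them from accounts that can actually open sessions.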
