Merge "mariadb security best practice fixes"

2020-09-30 16:26:00 +00:00 · 2020-09-30 16:26:00 +00:00 · 724fa773ff
commit 724fa773ff
parent 5576b3644f 9a3844aac6
2 changed files with 11 additions and 1 deletions
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v10.2.31
 description: OpenStack-Helm MariaDB
 name: mariadb
-version: 0.1.1
+version: 0.1.2
 home: https://mariadb.com/kb/en/
 icon: http://badges.mariadb.org/mariadb-badge-180x60.png
 sources:
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@ -365,6 +365,16 @@ conf:
      max_connections=8192
      max-connect-errors=1000000

+      # General security settings
+      # Reference: https://dev.mysql.com/doc/mysql-security-excerpt/8.0/en/general-security-issues.html
+      # secure_file_priv is set to '/home' because it is read-only, which will
+      # disable this feature completely.
+      secure_file_priv=/home
+      local_infile=0
+      symbolic_links=0
+      sql_mode="STRICT_ALL_TABLES,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
+
+
      ## Generally, it is unwise to set the query cache to be larger than 64-128M
      ## as the costs associated with maintaining the cache outweigh the performance
      ## gains.