STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021

When invalid inputs are received, the MySQL Database Server 8.0 must behave in a predictable and documented manner that reflects organizational and system objectives.

DISA Rule

SV-235195r638812_rule

Vulnerability Number

V-235195

Group Title

SRG-APP-000447-DB-000393

Rule Version

MYS8-00-012500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the MySQL Server to behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

To validate data at the database table level, modify tables by adding CHECK constraints. A CHECK constraint is a type of integrity constraint in SQL, defined within the CREATE TABLE or ALTER TABLE statement.

[CONSTRAINT [symbol]] CHECK (expr) [[NOT] ENFORCED]

For example:
CREATE TABLE checker (i tinyint, CONSTRAINT i_must_be_between_7_and_12 CHECK (i BETWEEN 7 AND 12));

Adding a constraint to an existing table:

ALTER TABLE <table_name>
ADD [CONSTRAINT [symbol]] CHECK (condition) [[NOT] ENFORCED]

Check Contents

Review the MySQL Server to ensure it behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

To determine whether table check constraints have been put in place:
SELECT * FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS;

If input validation is required beyond that enforced by the data type and no constraints exist for data input, this is a finding.
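The fix and the check above, worked through as an added example (not part of the STIG text). The table `account` and its constraint names are constructed; the `ENFORCED` column and `INFORMATION_SCHEMA.CHECK_CONSTRAINTS` assume MySQL 8.0.16 or later. It also shows that a constraint declared NOT ENFORCED is listed by the check query but validates nothing.

```sql
-- Constructed sample table (hypothetical names), not from the STIG.
CREATE TABLE account (
  id     INT UNSIGNED NOT NULL PRIMARY KEY,
  age    TINYINT UNSIGNED,
  status VARCHAR(10) NOT NULL,
  CONSTRAINT age_in_range CHECK (age BETWEEN 18 AND 120),
  CONSTRAINT status_known CHECK (status IN ('active', 'locked', 'closed')),
  -- Stored in the data dictionary but never evaluated on write.
  CONSTRAINT id_positive  CHECK (id > 0) NOT ENFORCED
);

-- Accepted: satisfies every enforced constraint.
INSERT INTO account (id, age, status) VALUES (1, 42, 'active');

-- Rejected with ERROR 3819: check constraint 'age_in_range' is violated.
INSERT INTO account (id, age, status) VALUES (2, 7, 'active');

-- Accepted although id = 0, because id_positive is NOT ENFORCED.
INSERT INTO account (id, age, status) VALUES (0, 30, 'locked');

-- Audit 1: every CHECK constraint with its expression and enforcement state.
SELECT tc.TABLE_SCHEMA, tc.TABLE_NAME, tc.CONSTRAINT_NAME,
       cc.CHECK_CLAUSE, tc.ENFORCED
FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS AS tc
JOIN INFORMATION_SCHEMA.CHECK_CONSTRAINTS AS cc
  ON cc.CONSTRAINT_SCHEMA = tc.CONSTRAINT_SCHEMA
 AND cc.CONSTRAINT_NAME   = tc.CONSTRAINT_NAME
WHERE tc.CONSTRAINT_TYPE = 'CHECK'
ORDER BY tc.TABLE_SCHEMA, tc.TABLE_NAME, tc.CONSTRAINT_NAME;

-- Audit 2: application tables with no enforced CHECK constraint at all.
-- Candidates for review where validation beyond the data type is required.
SELECT t.TABLE_SCHEMA, t.TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES AS t
LEFT JOIN INFORMATION_SCHEMA.TABLE_CONSTRAINTS AS tc
  ON tc.TABLE_SCHEMA    = t.TABLE_SCHEMA
 AND tc.TABLE_NAME      = t.TABLE_NAME
 AND tc.CONSTRAINT_TYPE = 'CHECK'
 AND tc.ENFORCED        = 'YES'
WHERE t.TABLE_TYPE = 'BASE TABLE'
  AND t.TABLE_SCHEMA NOT IN
      ('mysql', 'sys', 'information_schema', 'performance_schema')
  AND tc.CONSTRAINT_NAME IS NULL
ORDER BY t.TABLE_SCHEMA, t.TABLE_NAME;
```

When run as a script through the mysql client, the second INSERT stops execution unless the client is started with --force.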

Documentable

False

Severity Override Guidance

Review the MySQL Server to ensure it behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

To determine whether table check constraints have been put in place:
SELECT * FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS;

If input validation is required beyond that enforced by the data type and no constraints exist for data input, this is a finding.

Check Content Reference

M

Target Key

5277
