Skip to content

Ensure 'master_info_repository' Is Set to 'TABLE'

Description

The master_info_repository setting determines to where a slave logs master status and connection information. The options are FILE or TABLE.

NOTE: This setting is associated with the sync_master_info setting as well.

Rationale

The password which the client uses is stored in the master info repository. This repository by default is a plaintext file.

The TABLE master info repository is a bit safer, but with filesystem access it's still possible to gain access to the password the slave is using.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine mysql

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if master_info_repository option is set correctly
 */
function validate(databaseSettings) {
    const settingName = "master_info_repository"
    const expectedValue = "table"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);