- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
It is recommended to enforce all incoming connections to SQL database instances to use SSL.
SQL database connections, if successfully trapped (MITM), can reveal sensitive data like credentials, database queries, query outputs, and so on. For security, it is recommended to always use SSL encryption when connecting to your instance. This recommendation is applicable to PostgreSQL, MySQL generation 1, MySQL generation 2, and SQL Server 2017 instances.
By default, Settings: ipConfiguration
has no authorizedNetworks
set or configured. In
that case, even if requireSSL
is not set by default, which is equivalent to requireSSL:false
,
there is no risk as the instance cannot be accessed outside of the network, unless
authorizedNetworks
is configured. However, if the default for requireSSL
is not updated to
true
, any authorizedNetworks
created later on will not enforce SSL-only connections.
After enforcing SSL connections, the existing client will not be able to communicate with the SQL server, unless it is configured with appropriate client-certificates to communicate to the SQL database instance.
By default, the parameter settings: ipConfiguration: requireSSL
is not set, which is
equivalent to requireSSL:false
.
To enforce SSL encryption for an instance, run the command:
gcloud sql instances patch <INSTANCE_NAME> --require-ssl
Note: A restart is required for type MySQL Generation 1 Instances (backendType: FIRST_GEN
) for
this configuration to go into effect.