Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
MariaDB Enterprise 10.x Security Technical Implementation Guide
SRG-APP-000296-DB-000306
SRG-APP-000296-DB-000306
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000296-DB-000306
1 Rule
<GroupDescription></GroupDescription>
MariaDB must provide logout functionality to allow the user to manually terminate a session initiated by that user.
Medium Severity
<VulnDiscussion>If a user cannot explicitly end a DBMS session, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Such logout may be explicit or implicit. Examples of explicit are clicking on a Log Out link or button in the application window; clicking the Windows Start button and selecting Log Out or Shut Down. Examples of implicit logout are closing the application's (main) window and powering off the workstation without invoking the OS shutdown. Both the explicit and implicit logouts must be detected by the DBMS. In all cases, the DBMS must ensure that the user's DBMS session and all processes owned by the session are terminated. This should not, however, interfere with batch processes/jobs initiated by the user during his/her online session; these should be permitted to run to completion. As a good programming practice, all applications should close the database connection when they finish using the resource. MariaDB will close the session when the connection is closed and release all resources associated with the session. If the connection cannot be closed, MariaDB has the five global variables to allow timeouts to occur and automatically close the connection and release all associated resources.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>