rspec/rules/S6403/description.adoc
github-actions[bot] 4b9ca66416
Create rule S6403[terraform] Creating GCP SQL instances without requiring TLS is security-sensitive (#712)
* Create rule S6403

* init s6403

* fixes after review

* Add message for omitted attributes. (#844)

* Add message for omitted attributes.

* Update rules/S6403/message.adoc

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>

* Add new source tags for code examples

Co-authored-by: eric-therond-sonarsource <eric-therond-sonarsource@users.noreply.github.com>
Co-authored-by: eric-therond-sonarsource <eric.therond@sonarsource.com>
Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Co-authored-by: Nils Werner <nils.werner@sonarsource.com>
2022-02-22 11:01:40 +00:00


By default, GCP SQL instances offer encryption in transit, with support for TLS, but insecure connections are still accepted. On an unsecured network, such as a public network, the risk of traffic being intercepted is high. When the data isn't encrypted, an attacker can intercept it and read confidential information.

When creating a GCP SQL instance, a public IP address is automatically assigned to it and connections to the SQL instance from public networks can be authorized.

TLS is automatically used when connecting to SQL instances through:

* The https://cloud.google.com/sql/docs/mysql/connect-admin-proxy[Cloud SQL Auth proxy].
* The https://cloud.google.com/sql/docs/mysql/connect-overview#languages[Java Socket Library].
* The built-in mechanisms in the https://cloud.google.com/appengine/docs[App Engine] environments.
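
As an added illustration (not part of the rule's own code samples), the following Terraform shows the sensitive setting next to the corrected one for direct connections that do not go through the mechanisms listed above. The resource names, region, tier and network range are constructed, and the example assumes a Google provider version that exposes `require_ssl` under `ip_configuration`.

```hcl
# Sensitive: the instance has a public IP and does not require TLS,
# so clients in the authorized network may connect in cleartext.
resource "google_sql_database_instance" "example_sensitive" {
  name             = "example-sensitive" # constructed name
  database_version = "MYSQL_8_0"
  region           = "us-central1"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      ipv4_enabled = true
      require_ssl  = false # omitting the attribute leaves insecure connections accepted as well

      authorized_networks {
        name  = "office"
        value = "203.0.113.0/24" # constructed value (documentation address range)
      }
    }
  }
}

# Corrected: same instance, but unencrypted connections are rejected.
resource "google_sql_database_instance" "example_compliant" {
  name             = "example-compliant" # constructed name
  database_version = "MYSQL_8_0"
  region           = "us-central1"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      ipv4_enabled = true
      require_ssl  = true # every client connection must use TLS

      authorized_networks {
        name  = "office"
        value = "203.0.113.0/24" # constructed value (documentation address range)
      }
    }
  }
}
```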