GCP - Cloud SQL Enum
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Google Cloud SQL is a managed service that simplifies setting up, maintaining, and administering relational databases like MySQL, PostgreSQL, and SQL Server on Google Cloud Platform, removing the need to handle tasks like hardware provisioning, database setup, patching, and backups.
Key features of Google Cloud SQL include:
Fully Managed: Google Cloud SQL is a fully-managed service, meaning that Google handles database maintenance tasks like patching, updates, backups, and configuration.
Scalability: It provides the ability to scale your database's storage capacity and compute resources, often without downtime.
High Availability: Offers high availability configurations, ensuring your database services are reliable and can withstand zone or instance failures.
Security: Provides robust security features like data encryption, Identity and Access Management (IAM) controls, and network isolation using private IPs and VPC.
Backups and Recovery: Supports automatic backups and point-in-time recovery, helping you safeguard and restore your data.
Integration: Seamlessly integrates with other Google Cloud services, providing a comprehensive solution for building, deploying, and managing applications.
Performance: Offers performance metrics and diagnostics to monitor, troubleshoot, and improve database performance.
In the web console, Cloud SQL lets the user set the database password, and there is also a generate feature. Most importantly, MySQL allows the password to be left empty, and all of the engines accept a password consisting of just the character "a".
It's also possible to configure a password policy that enforces length and complexity, disallows reuse, and disallows the username in the password. All of these are disabled by default.
SQL Server can be configured with Active Directory Authentication.
The database can be available in one zone or in multiple zones. It's recommended to run important databases in multiple zones.
By default a Google-managed encryption key is used, but it's also possible to select a Customer-managed encryption key (CMEK).
Private IP: Indicate the VPC network and the database will get a private IP inside that network
Public IP: The database will get a public IP, but by default no one will be able to connect
Authorized networks: Indicate public IP ranges that should be allowed to connect to the database
Private Path: If the DB is connected to a VPC, it's possible to enable this option and give other GCP services like BigQuery access over it
Daily backups: Perform automatic daily backups and indicate the number of backups you want to maintain.
Point-in-time recovery: Allows you to recover data from a specific point in time, down to a fraction of a second.
Deletion Protection: If enabled, the DB can't be deleted until this feature is disabled
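The settings described above can be reviewed from the defender's side with a small audit over instance descriptions. This is an added example, not code from the original page: the field names follow the Cloud SQL Admin API instance resource as returned by `gcloud sql instances list --format=json`, while the sample instances, the finding codes and the `/8` "wide range" threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample shaped like `gcloud sql instances list --format=json` output.
SAMPLE_INSTANCES = [
    {"name": "orders-db", "databaseVersion": "MYSQL_8_0",
     "settings": {"availabilityType": "ZONAL", "deletionProtectionEnabled": False,
                  "ipConfiguration": {"ipv4Enabled": True, "authorizedNetworks": [
                      {"value": "0.0.0.0/0"}, {"value": "203.0.113.0/24"}]},
                  "backupConfiguration": {"enabled": False}}},
    {"name": "billing-db", "databaseVersion": "POSTGRES_15",
     "diskEncryptionConfiguration": {"kmsKeyName": "projects/example/placeholder-key"},
     "settings": {"availabilityType": "REGIONAL", "deletionProtectionEnabled": True,
                  "ipConfiguration": {"ipv4Enabled": False,
                                      "privateNetwork": "projects/example/global/networks/vpc"},
                  "passwordValidationPolicy": {"enablePasswordPolicy": True, "minLength": 14},
                  "backupConfiguration": {"enabled": True, "pointInTimeRecoveryEnabled": True}}},
]

def audit_instance(inst, wide_prefix=8):
    """Return sorted finding codes for one instance (wide_prefix is an assumed threshold)."""
    s = inst.get("settings", {})
    ip = s.get("ipConfiguration", {})
    backup = s.get("backupConfiguration", {})
    findings = set()
    if not s.get("passwordValidationPolicy", {}).get("enablePasswordPolicy"):
        findings.add("NO_PASSWORD_POLICY")  # default state: empty or 1-char passwords accepted
    if ip.get("ipv4Enabled"):
        findings.add("PUBLIC_IP")
        for net in ip.get("authorizedNetworks", []):
            if ipaddress.ip_network(net["value"], strict=False).prefixlen <= wide_prefix:
                findings.add("WIDE_AUTHORIZED_NETWORK")
    if s.get("availabilityType") != "REGIONAL":
        findings.add("SINGLE_ZONE")
    if not inst.get("diskEncryptionConfiguration", {}).get("kmsKeyName"):
        findings.add("GOOGLE_MANAGED_KEY")  # informational: no CMEK configured
    if not backup.get("enabled"):
        findings.add("NO_BACKUPS")
    # MySQL reports point-in-time recovery as binaryLogEnabled, other engines as pointInTimeRecoveryEnabled
    if not (backup.get("pointInTimeRecoveryEnabled") or backup.get("binaryLogEnabled")):
        findings.add("NO_PITR")
    if not s.get("deletionProtectionEnabled"):
        findings.add("NO_DELETION_PROTECTION")
    return sorted(findings)

def audit(instances):
    return {i["name"]: audit_instance(i) for i in instances}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSTANCES).items():
        print(name, findings or "OK")
```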