michaelschiemer/docker/mysql/conf.d/security.cnf

[mysqld]
# Security Configuration for MariaDB
# This file hardens the database server for production use

# Network Security
bind-address = 0.0.0.0
skip-networking = false
skip-name-resolve = true

# Connection Security  
max_connections = 100
max_connect_errors = 10
max_user_connections = 50

# SSL/TLS Configuration (Enable in production)
# ssl-ca = /etc/mysql/ssl/ca-cert.pem
# ssl-cert = /etc/mysql/ssl/server-cert.pem  
# ssl-key = /etc/mysql/ssl/server-key.pem
# require_secure_transport = ON

# Authentication Security
default_authentication_plugin = mysql_native_password

# Logging Security
log-error = /var/log/mysql/error.log
general_log = ON
general_log_file = /var/log/mysql/general.log
slow_query_log = ON
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 2

# Disable dangerous functions
secure_file_priv = ""
local_infile = OFF

# Performance & Resource Limits
max_allowed_packet = 64M
innodb_buffer_pool_size = 256M
innodb_log_file_size = 64M
query_cache_size = 64M
query_cache_limit = 2M

# Character Set
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci

[mysql]
default-character-set = utf8mb4

[client]
default-character-set = utf8mb4