Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10584

Obscure plain text passwords from server logs

Details

    • New Feature
    • Status: Open (View Workflow)
    • Critical
    • Resolution: Unresolved
    • None
    • None
    • 10.2.4-4, 10.2.4-1, 10.2.4-5

    Description

      Password used in various SQL commands are visible in plain text in various server logs. A mechanism should be put in place to obscure them from the logs.

      Attachments

        Issue Links

          Activity

            nirbhay_c Nirbhay Choubey (Inactive) added a comment - http://lists.askmonty.org/pipermail/commits/2016-November/010112.html
            nirbhay_c Nirbhay Choubey (Inactive) added a comment - http://lists.askmonty.org/pipermail/commits/2017-January/010423.html
            nirbhay_c Nirbhay Choubey (Inactive) added a comment - http://lists.askmonty.org/pipermail/commits/2017-January/010427.html
            nirbhay_c Nirbhay Choubey (Inactive) added a comment - http://lists.askmonty.org/pipermail/commits/2017-January/010428.html
            bar Alexander Barkov added a comment - http://lists.askmonty.org/pipermail/commits/2017-January/010428.html looks very good.

            Either we do a moderately generic query rewriting/sanitization feature or hard-code password specific rewriting directly into the parser. The latter will work, but it'll be very rigid and not extendable, thus completely unusable for anything else. It can be done much faster, though

            serg Sergei Golubchik added a comment - Either we do a moderately generic query rewriting/sanitization feature or hard-code password specific rewriting directly into the parser. The latter will work, but it'll be very rigid and not extendable, thus completely unusable for anything else. It can be done much faster, though

            Per this announcement in the Slack triage channel: https://mariadb.slack.com/archives/C05S0ANJ8BE/p1739890335402039, we will now only use the "triage" label to indicate an ongoing customer-engineering escalation. Also, I will remove it, and if it's still needed, let me know.

            julien.fritsch Julien Fritsch added a comment - Per this announcement in the Slack triage channel: https://mariadb.slack.com/archives/C05S0ANJ8BE/p1739890335402039 , we will now only use the "triage" label to indicate an ongoing customer-engineering escalation. Also, I will remove it, and if it's still needed, let me know.

            People

              serg Sergei Golubchik
              nirbhay_c Nirbhay Choubey (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.