  1. MariaDB Server
  2. MDEV-12835

Write warning to error log if user's login password is ignored

    Details

      Description

      A user recently found out that the password for his 'root'@'localhost' account was being ignored. It turns out that his build of MariaDB uses unix_socket authentication by default for that user account. However, he was not aware of that, so he still attempted to set a password for this user account. He was also not familiar with the unix_socket plugin, so he was quite confused when he discovered that he could log into MariaDB without supplying a password after he explicitly set one.

      The user suggested that it might be worthwhile for the server to throw a warning when a user's provided login password is ignored. For security reasons, it might make sense to only write the warning to the server's error log. Maybe this warning could be toggled on/off based on the value of log_warnings, similar to the other warnings thrown by authentication issues.

      I'm not entirely familiar with the internals of the authentication plugin API, so I don't know how practical this feature request is with the current implementation.

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              GeoffMontee Geoff Montee