Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14796

debian warns of insecure root password when a plugin is used

    XMLWordPrintable

    Details

    • Sprint:
      5.5.59

      Description

      SELECT count(*) FROM mysql.user WHERE user='root' and password=''

      can report insecure root passwords even if a plugin is used.

      If a bit unfair to report an unused password field as insecure if a plugin is set.

      https://github.com/grooverdan/mariadb-server/tree/5.5-debian-insecure-root-plugin-empty is a patch that corrects this by testing adding and plugin='' in the sql. I submit this under the MCA.

      FYI Otto Kekäläinen, Ondřej Surý

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              svoj Sergey Vojtovich
              Reporter:
              danblack Daniel Black
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: