Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26255

show the authentication info in SHOW CREATE USER, but not in SHOW GRANTS

    XMLWordPrintable

Details

    • Bug
    • Status: Confirmed (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.5
    • 10.11
    • Server
    • None
    • redhat 7 on x86-64

    Description

      An enhancement request is below.

      We are migrating our databases from MySQL 5.7 to MariaDB 10.5. One of our standard stored procedure in MySQL 5.7 will show privileges of other users. This helps developer to check deployment. The command used in the stored procedure is "show grants"

      However, in MariaDB, "show grants" will output hashed password as well. This creates a security problem. We tried to generate the same show grant sql but it is quite complex and need to update stored procedure each time of brand new privilege in mariadb.

      A request to hide "identified by" section in "show grants". Actually, "show create user" can "identified by" section perfectly for generating create user SQL already.

      In MySQL, "show grants" does not show "identified by" section.

      https://dev.mysql.com/doc/refman/5.7/en/show-grants.html

      SHOW GRANTS output does not include IDENTIFIED BY PASSWORD clauses. Use the SHOW CREATE USER statement instead. See Section 13.7.5.12, “SHOW CREATE USER Statement”.

      MariaDB [(none)]> show grants for testuser ;
      		 
      +---------------------------------------------------------------------------------------------------------+
      		 
      | Grants for testuser@%                                                                                   |
      		 
      +---------------------------------------------------------------------------------------------------------+
      		 
      | GRANT USAGE ON *.* TO `testuser`@`%` IDENTIFIED BY PASSWORD '*9A07C522064A81438E22DC784EAC34A30DD74F94' |
      		 
      +---------------------------------------------------------------------------------------------------------+
      		 
      1 row in set (0.000 sec)
      		 
       
      		 
      MariaDB [(none)]> show create user testuser ;
      		 
      +-----------------------------------------------------------------------------------------------+
      		 
      | CREATE USER for testuser@%                                                                    |
      		 
      +-----------------------------------------------------------------------------------------------+
      		 
      | CREATE USER `testuser`@`%` IDENTIFIED BY PASSWORD '*9A07C522064A81438E22DC784EAC34A30DD74F94' |
      		 
      +-----------------------------------------------------------------------------------------------+
      		 
      1 row in set (0.000 sec)
      		 
       
      		 
      MariaDB [(none)]>

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. MDEV-23266 Display the hashed password only for SUPER user

          • Major - Major loss of function.
          • Stalled

          Activity

            People

              serg Sergei Golubchik
              frelist William Wong
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.