[MDEV-31839] Interactive clients should print a warning (or error?) when passwords will be transmitted in cleartext - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Fix Version/s: None
Component/s: Authentication and Privilege System, Plugin - pam
Labels:
None

Description

MariaDB Server has two client authentication plugins that can transmit passwords in cleartext:

dialog
mysql_clear_password

It is generally recommended to use TLS encryption when using either of these two client authentication plugins to ensure that passwords are not transmitted in cleartext.

Currently, interactive clients do not raise a warning or error when either of these plugins are used without TLS encryption.

Folks like jcd, markus makela, and esa.korhonen might have some input on how to implement this in a way that works with other MariaDB products.

Attachments

Activity

People

Assignee:: Ralf Gebhardt

Reporter:: Geoff Montee (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023-08-03 18:08

Updated:: 2024-02-15 14:10

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.