[MDEV-34434] Hide password passed on commandline from xtrabackup_info - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.1(EOL)
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3
Component/s: Backup
Labels:
None

Description

When running mariabackup and passing the password on the commandline, for security reason having the password in a config file is not acceptable, the password gets copied in the tool_command setting in the xtrabackup_info. This is often not acceptable, having a password stored unencrypted in a file is against the security policies of many companies. There are workarounds but really the backup system needs to be secure by default and having the password in this file actually does not really privide any usefu purpose anyway.

Attachments

Activity

Sergei Golubchik added a comment - 2024-06-21 14:51

it filters out the password if you use --password=xyz, but if you use --password xyz or -pxyz form, then it doesn't

Sergei Golubchik added a comment - 2024-06-21 14:51 it filters out the password if you use --password=xyz , but if you use --password xyz or -pxyz form, then it doesn't

People

Assignee:: Sergei Golubchik

Reporter:: Anders Karlsson

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2024-06-20 13:33

Updated:: 2024-10-24 01:12

Resolved:: 2024-07-17 22:11

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server