[MDEV-34434] Hide password passed on commandline from xtrabackup_info - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.1(EOL)
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3
Component/s: Backup
Labels:
None

Description

When running mariabackup and passing the password on the commandline, for security reason having the password in a config file is not acceptable, the password gets copied in the tool_command setting in the xtrabackup_info. This is often not acceptable, having a password stored unencrypted in a file is against the security policies of many companies. There are workarounds but really the backup system needs to be secure by default and having the password in this file actually does not really privide any usefu purpose anyway.

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Anders Karlsson

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2024-06-20 13:33

Updated:: 2024-10-24 01:12

Resolved:: 2024-07-17 22:11

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.