Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-35522

MariaDB Audit does not detect all DCLs forms when masking password

Details

    Description

      Simply based on what I see I report this as bug since MariaDB Audit masks the password from CREATE USER but fails to recognize different forms of the same command.

      20241128 15:58:36,fedora,root,localhost,150,276260,QUERY,,'CREATE USER \'claudio\'@\'%\' IDENTIFIED BY *****',1396
      		 
      20241128 15:56:42,fedora,root,localhost,149,276256,QUERY,,'CREATE OR REPLACE USER \'monty\'@\'%\' IDENTIFIED BY \'123\'',0
      		 
      20241128 15:56:54,fedora,root,localhost,149,276257,QUERY,,'SET STATEMENT max_statement_time=10.000000 FOR CREATE USER \'sergio\'@\'%\' IDENTIFIED BY \'123\'',0
      		 
      https://jira.mariadb.org/browse/MDEV-7134

      So if it was decided to mask the password for the CREATE USER command imho it should be done so to detect the different forms of the same command.

      I did not test for other types of DCLs.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-35604 SIGSEGV in filter_query_type | log_statement_ex / auditing

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              sanja Oleksandr Byelkin
              claudio.nanni Claudio Nanni
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.