[MDEV-35902] Obfuscate passwords from DCLs in Slow & General query log - Jira

XML

Word

Printable

Details

Type: New Feature
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Fix Version/s: N/A
Component/s: Server
Labels:
None

Description

Logging of commands in slow and general query log exposes passwords.
The request would be to be able to parse the commands that contain passwords and obfuscate them.

There are other reports but could not find one specific for Slow and General query log, like https://jira.mariadb.org/browse/MDEV-24032

MariaDB [(none)]> CREATE USER 'admin'@'%' identified by 'secret_password';

Query OK, 0 rows affected (0,002 sec)

# tail -2 data/fedora.log

250122 15:30:11	    66 Query	CREATE USER 'admin'@'%' identified by 'secret_password'

		     0 Query	INSERT INTO mysql.password_reuse_check_history(hash) values (x'3108EBE98A1374B68F919C3674E0FEBCCC438624B5A254F2605ED3D578A8FD02FA50919FFED17F4361C90ECF92B56E69D26BDA38BB3DC1AE4673F905BB73307D')

250122 15:30:12	    66 Quit

# tail -1 data/fedora-slow.log

CREATE USER 'admin'@'%' identified by 'secret_password';

Attachments

Issue Links

duplicates

MDEV-10584 Obscure plain text passwords from server logs

Open

Activity

People

Assignee:: Unassigned

Reporter:: Claudio Nanni

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2025-01-22 14:33

Updated:: 2025-02-26 17:32

Resolved:: 2025-01-23 13:25

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.