  1. MariaDB MaxScale
  2. MXS-1683

Commands that take passwords should allow input from stdin and not just from controlling terminals

    Details

    • Sprint:
      MXS-SPRINT-53

      Description

      We use installation scripts to configure maxscale, including adding encrypted passwords to /etc/maxscale.cnf using maxpasswd. Requiring a password to be passed to maxpasswd on the command line exposes a security risk if someone is able to ps -ef during the running of this command (however short of a time) and expose the password.

      To get around this, we would like to pass the password to maxpasswd and maxadmin via stdin from a Python script, which would never allow the password to be exposed. Maxadmin currently allows the password to be passed in stdin, but it will fail if not being run on a terminal (does tcsetattr). You can attempt to do tcgetattr/tcsetattr but should not fail if being run on controlling terminal, maybe just print a warning at most.
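The requested behaviour, sketched as an added example (not MaxScale code and not from the reporter): disable echo only when the descriptor is a terminal, and otherwise read the password from the pipe without failing. The name `read_password` and its signature are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper, not MaxScale code: read one line (a password) from fd.
 * Echo is turned off only when fd is a terminal; a pipe or file is read as-is.
 * Returns the password length, or -1 on read error or overlong input.
 * *echo_off reports whether terminal echo was actually disabled. */
ssize_t read_password(int fd, char *buf, size_t buflen, int *echo_off)
{
    struct termios saved, noecho;
    size_t n = 0;
    char c;
    ssize_t r;

    *echo_off = 0;
    if (buflen == 0)
        return -1;
    /* tcgetattr() fails (ENOTTY) on a pipe: nothing to hide, so carry on. */
    if (tcgetattr(fd, &saved) == 0) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) == 0)
            *echo_off = 1;
        else
            fprintf(stderr, "warning: could not disable terminal echo\n");
    }
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (n + 1 >= buflen) {            /* too long: wipe and reject */
            memset(buf, 0, buflen);
            n = 0;
            r = -1;
            break;
        }
        buf[n++] = c;
    }
    buf[n] = '\0';
    if (*echo_off)
        tcsetattr(fd, TCSAFLUSH, &saved); /* restore the terminal settings */
    return r < 0 ? -1 : (ssize_t)n;
}

int main(void)
{
    char pw[256];
    int echo_off;
    ssize_t len = read_password(STDIN_FILENO, pw, sizeof pw, &echo_off);
    if (len < 0)
        return 1;
    fprintf(stderr, "read %zd bytes (echo %s)\n", len, echo_off ? "off" : "n/a");
    return 0;
}
```

Fed through a pipe, the password never appears in the process argument list that `ps -ef` displays.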

            People

            Assignee:
            markus makela
            Reporter:
            rvlane Richard Lane