Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-1683

Commands that take passwords should allow input from stdin and not just from controlling terminals

    XMLWordPrintable

Details

    • MXS-SPRINT-53

    Description

      We use installation scripts to configure maxscale, including adding encrypted passwords to /etc/maxscale.cnf using maxpasswd. Requiring a password to be passed to maxpasswd on the command line exposes a security risk if someone is able to ps -ef during the running of this command (however short of a time) and expose the password.

      To get around this, we would like to pass the password to maxpasswd and maxadmin via stdin from a python script, which would never allow the password to be exposed. Maxadmin currently allows the password to be passed in stdin, but it will fail if not being run on a terminaal (does tcsetattr). You can attempt to do tcgetattr/tcsetaddr but should not fail if being run on controlling terminal, maybe just print a warning at most.

      Attachments

        Activity

          People

            markus makela markus makela
            rvlane Richard Lane
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.