[MXS-4414] MaxScale logs passwords in SQL at the info level - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Not a Bug
Affects Version/s: None
Fix Version/s: N/A
Component/s: N/A
Labels:
None
Environment:
MaxScale 22.08.2
xpand: 5.0.45-Xpand-6.1_beta1

Sprint:
MXS-SPRINT-172

Description

When we issue a command that contains a password through maxscale using xpandmon.

xpand masks the password in xpand logs.
But, maxscale exposed the password in maxscale log at INFO level.

repro:
logged in to xpand via maxscale.

example 1: CREATE USER
executed query:

create user user1@'%' identified by 'user123$'

maxscale logs:

2022-11-25 06:32:24   info   : (13032) [readconnroute] (Read-Only-Service); Routed [COM_QUERY] to '@@Backend-Monitor:node-1' create user user1@'%' identified by 'user123$'

xpand logs:

2022-11-25 06:32:24.887883 UTC nid 1 karma016.colo.sproutsys.com clxnode: INSTR DDL SID:88065 db=test user=maxscale@10.2.16.27  ac=N xid=638061834d685002 sql="create user user1@'%' IDENTIFIED WITH mysql_native_password AS '*4D87A96B7E278BDA947ED2DF5FB2E06A56D38D49'" [no error] time 20.0ms commit_trx 6.0ms; found_rows: -1; fanout: no; attempts: 0; xpand: no

example 2: BACKUP

BACKUP db5391 TO 'sftp://qauser:password123@hefty.colo.sproutsys.com/tmp/tc5391/tc5391.bkup;

maxscale logs:

2022-11-25 06:33:32   info   : (13032) [readconnroute] (Read-Only-Service); Routed [COM_QUERY] to '@@Backend-Monitor:node-1' BACKUP db5391 TO 'sftp://qauser:password123@hefty.colo.sproutsys.com/tmp/tc5391/tc5391.bkup'

xpand logs:

2022-11-25 06:33:32.604425 UTC nid 1 karma016.colo.sproutsys.com clxnode: INSTR SQLERR SID:88065 db=test user=maxscale@10.2.16.27  ac=Y xid=638061cab6ca1002 sql="BACKUP db5391 TO 'sftp://qauser:<redacted>@hefty.colo.sproutsys.com/tmp/tc5391/tc5391.bkup'" [No such database: 'db5391'] time 1.0ms; row_count: -1; found_rows: -1; fanout: no; attempts: 0; xpand: no

example 3: RESTORE

RESTORE db5391 FROM 'sftp://qauser:password123@hefty.colo.sproutsys.com/tmp/tc5391/tc5391.bkup'

maxscale logs:

2022-11-25 06:34:23   info   : (13032) [qc_sqlite] (@@Backend-Monitor:node-1); Parsing the query failed, cannot report query type: RESTORE db5391 FROM 'sftp://qauser:password123@hefty.colo.sproutsys.com/tmp/tc5391/tc5391.bkup'

xpand logs:

2022-11-25 06:34:24.757753 UTC nid 1 karma016.colo.sproutsys.com clxnode: INSTR RESTORE SID:88065 db=test user=maxscale@10.2.16.27  ac=N xid=63806200b8400802 sql="RESTORE db5391 FROM 'sftp://qauser:<redacted>@hefty.colo.sproutsys.com/tmp/tc5391/tc5391.bkup'" [no error] time 1671.9ms begin_trx 21.0ms commit_trx 16.0ms; row_count: -1; found_rows: -1; fanout: no; attempts: 0; xpand: no

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

maxscale.cnf
0.8 kB
2022-11-25 06:50

Activity

People

Assignee:: Johan Wikman

Reporter:: Anurag Kumar (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2022-11-25 07:09

Updated:: 2022-12-13 12:11

Resolved:: 2022-12-08 07:38

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.