Details
Critical Description
When invoking maxctrl with explicit user name and password the password can be seen in the clear in ps output, e.g.:
$ maxctrl --user=admin --password=mariadb
|
...
|
$ ps aux | grep maxctrl
|
vagrant 1898 0.0 0.0 2608 536 pts/0 S+ 11:01 0:00 /bin/sh /usr/bin/maxctrl --user=admin --password=mariadb
|
vagrant 1899 4.3 2.8 603328 58004 pts/0 Sl+ 11:01 0:00 node /usr/share/maxscale/maxctrl/maxctrl.js --user=admin --password=mariadb
|
On the server side command line tools obfuscate password parameters so that they can't be retrieved from ps output, maxctrl should do the same:
$ mysql --user=repl --password=Secret23! --host=master
|
...
|
$ ps aux | grep mysql
|
vagrant 1999 0.0 0.4 20176 8912 pts/0 S+ 11:06 0:00 mysql --user=repl --password=x xxxxxxx --host=master
|
We should handle this consistently across all tools, including maxctrl.
