[MDEV-10055] Hash replication password in master.info
Created: 2016-05-11  Updated: 2016-05-11  Resolved: 2016-05-11

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Replication
Fix Version/s: N/A

Type: Task
Priority: Major
Reporter: Will Fong
Assignee: Sergei Golubchik
Resolution: Won't Fix
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-8808 Encryption of extra password availabl... Closed

 Description   

Passwords should be hashed before being written to disk.

Encryption is probably a much better way to handle this (related to MDEV-8808), but if that doesn't get implemented, can we at least hash the passwords the way we do for the mysql.user table?

Thanks!



 Comments   
Comment by Sergei Golubchik [ 2016-05-11 ]

No, we cannot. The password hash in the mysql.user table is used to verify whether a connecting client is who he claims he is. The password in the master.info is used to connect as a client to another MariaDB server. The authentication protocol is designed so that the client must have the original password, while the server only needs the hash (to prevent anyone who can list the content of the mysql.user table from impersonating other users).
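
Added example (not part of the ticket, not the commenter's words, and not MariaDB source code): a minimal model of the challenge-response described in the comment above, assuming the `mysql_native_password` plugin is in use. Function names, the sample password and the fixed scramble are constructed for illustration. It shows the server verifying with only the stored hash, while a client holding only that same hash cannot produce a valid response.

```python
import hashlib
import hmac

# Constructed 20-byte challenge; a real server sends a fresh random one per connection.
SCRAMBLE = bytes(range(20))


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    """Server side: the value kept in mysql.user, SHA1(SHA1(password))."""
    return sha1(sha1(password.encode()))


def client_response(password: str, scramble: bytes) -> bytes:
    """Client side (for example a replica reading master.info): needs the password."""
    stage1 = sha1(password.encode())
    return xor(stage1, sha1(scramble + sha1(stage1)))


def server_verify(response: bytes, scramble: bytes, stored: bytes) -> bool:
    """Server check that uses only the stored hash, never the password."""
    if len(response) != len(stored):
        return False
    candidate = xor(response, sha1(scramble + stored))
    return hmac.compare_digest(sha1(candidate), stored)


def response_from_stored_hash(stored: bytes, scramble: bytes) -> bytes:
    """Hypothetical client that has only the mysql.user-style hash on disk
    and uses it in place of the password-derived value."""
    return xor(stored, sha1(scramble + sha1(stored)))


def demo(password: str = "repl-secret") -> tuple:
    """Returns (login with password succeeds, login with stored hash succeeds)."""
    stored = stored_hash(password)
    with_password = server_verify(client_response(password, SCRAMBLE), SCRAMBLE, stored)
    with_hash = server_verify(response_from_stored_hash(stored, SCRAMBLE), SCRAMBLE, stored)
    return with_password, with_hash


if __name__ == "__main__":
    print(demo())
```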
