[#MDEV-26339] Account specifics to be handled before proxying

[MDEV-26339] Account specifics to be handled before proxying Created: 2021-08-10 Updated: 2022-04-04 Resolved: 2022-01-17
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Affects Version/s:	None
Fix Version/s:	10.4.23, 10.5.14, 10.6.6

Type:

Bug

Priority:

Critical

Reporter:

Ralf Gebhardt

Assignee:

Sergei Golubchik

Resolution:

Fixed

Votes:

Labels:

None

Issue Links:

Relates

Description

account locking should apply to the account before proxying
ssl checks should be done before proxying
password expiration should be checked before proxying

Comments

Comment by Vladislav Vaintroub [ 2021-08-10 ]

maybe account locking should apply both before and after proxying, for both accounts, anyway this is a little ambiguous.

Comment by Ralf Gebhardt [ 2021-08-10 ]

True, none of the accounts should be used if locked.

Comment by Ralf Gebhardt [ 2021-08-23 ]

This has been discussed again. Only for the connecting user it should be checked if the account is locked. After proxying is an internal usage, like done with other locked system accounts

Generated at Thu Feb 08 09:44:33 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-26339] Account specifics to be handled before proxying Created: 2021-08-10 Updated: 2022-04-04 Resolved: 2022-01-17