[MDEV-8811] secure_auth in client/mysql.cc defaults to false Created: 2015-09-17 Updated: 2015-10-28 Resolved: 2015-10-28 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Scripts & Clients |
| Affects Version/s: | 10.1.7 |
| Fix Version/s: | 10.1.9 |
| Type: | Bug | Priority: | Major |
| Reporter: | Ian Gilfillan | Assignee: | Oleksandr Byelkin |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Sprint: | 10.1.9-1 |
| Description |
|
The secure_auth system variable default value has been changed to true in 10.1.7. However, this change has not been made in mysql.cc - it still defaults to false there. |
| Comments |
| Comment by Sergei Golubchik [ 2015-09-19 ] |
|
Why should it be changed in mysql client? It's an independent option with its own semantics. It should not be automatically changed if we change the default value of server's secure-auth option. I mean, we can change it, of course, but this would need a better reasoning than “the server has it changed.” |
| Comment by Ian Gilfillan [ 2015-09-19 ] |
|
It was changed in MySQL 5.6 in 2012 at the same time as sql-common/client.c ( https://github.com/mysql/mysql-server/commit/ef3723981ccfde6f0db416df56f3e7460f5d15aa ). That's an observation, not a reason, but if the intention is to make sure no one is unknowingly using the old, insecure, pre MySQL 4.1 hashes, and nudge them towards updating them if they are, I don't see why we would want to keep a different default for the mysql client when it's been changed everywhere else. |
| Comment by Elena Stepanova [ 2015-09-20 ] |
|
Assigning to sanja so it does not get forgotten. |
| Comment by Oleksandr Byelkin [ 2015-10-28 ] |
|
As I can see if secure connection is possible (i.e. used modern server and client) it will be established. |