MariaDB Server / MDEV-3892

Cleartext logging of passwords / workaround (MySQL issue 57220)

    Details

    • Type: Task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

      Description

      I wrote a small command-line utility to be able to calculate the standard MySQL hashes that are used for logins, without the need for a database connection. This way, plain text passwords need not be sent to the server or be logged in the query log. The utility can generate a hash, generate SQL or "fix" plain text passwords in SQL. Man pages in English and Dutch are included.

            Activity

            serg Sergei Golubchik added a comment -

            Isn't that what mysqladmin is doing? It calculates the hash and sends "SET PASSWORD=calculated_hash" to the server. That is, the plain-text password is not logged anywhere.

            But, as I can see, mysqladmin also tries to set SQL_LOG_OFF=1, and it requires SUPER privilege, as that MySQL bug 57220 says.

            If mysqladmin would ignore errors from SET SQL_LOG_OFF=1, wouldn't that be the more native and integrated solution?

            donquichote BitSmid added a comment -

            I encountered this bug when I wanted to create a database on somebody else's server. As a developer, I am used to being in full control of the database server, but the issue here is that I want to create all necessary SQL beforehand (so I can test it locally) and send it to the "little privileged" database in one batch. The database is not necessarily accessible from outside or even through networking (or SSH tunnel to 127.0.0.1). I wrote this utility to be able to define a user without a connection during the preparation. If necessary, I could send the entire SQL by email and still not leak any password.

            serg Sergei Golubchik added a comment -

            Ah, okay. I understand now, thanks.

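An illustration of the offline approach discussed in this issue, added here as an example; it is not the reporter's utility and not MariaDB code. It assumes the "standard MySQL hashes" are the 41-character mysql_native_password format, and covers the three operations the description lists (generate a hash, generate SQL, "fix" plain text passwords in SQL). All function names and the sample SQL are constructed for the example.

```python
import hashlib
import re

def native_hash(password: str) -> str:
    """'*' + uppercase hex of SHA1(SHA1(password)); empty password -> empty hash."""
    if password == "":
        return ""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def quote(value: str) -> str:
    """Quote a user or host name as an SQL string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"

def create_user_sql(user: str, host: str, password: str) -> str:
    """Generate SQL that carries only the hash, never the cleartext."""
    return (f"CREATE USER {quote(user)}@{quote(host)} "
            f"IDENTIFIED BY PASSWORD '{native_hash(password)}';")

# A quoted SQL string; allows '' and backslash escapes inside the literal.
_LIT = r"'((?:[^'\\]|\\.|'')*)'"
_PLAIN = re.compile(r"\bIDENTIFIED\s+BY\s+" + _LIT +
                    r"|\bPASSWORD\s*\(\s*" + _LIT + r"\s*\)", re.IGNORECASE)

def _unescape(literal: str) -> str:
    # Simplification: \x becomes x and '' becomes '; escapes such as \n are not expanded.
    return re.sub(r"\\(.)|''", lambda m: m.group(1) or "'", literal)

def fix_sql(sql: str) -> str:
    """Replace cleartext passwords in SQL text with their hashes."""
    def repl(m: re.Match) -> str:
        if m.group(1) is not None:  # IDENTIFIED BY 'cleartext'
            return f"IDENTIFIED BY PASSWORD '{native_hash(_unescape(m.group(1)))}'"
        return f"'{native_hash(_unescape(m.group(2)))}'"  # PASSWORD('cleartext')
    return _PLAIN.sub(repl, sql)

# Constructed sample input, not taken from the issue.
SAMPLE = ("GRANT SELECT ON shop.* TO 'app'@'localhost' IDENTIFIED BY 'password';\n"
          "SET PASSWORD FOR 'app'@'localhost' = PASSWORD('password');\n")

if __name__ == "__main__":
    print(create_user_sql("app", "localhost", "password"))
    print(fix_sql(SAMPLE))
```

The generated SQL contains only the hash, which in this format is unsalted, so the script file is still worth handling as a credential.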

              People

              • Assignee: Unassigned
              • Reporter: donquichote BitSmid