Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-7134

Audit plugin puts the user password in clear text on CREATE USER

        Details

        • Type: Bug
        • Status: Closed
        • Priority: Major
        • Resolution: Fixed
        • Affects Version/s: 5.5.40, 10.0.14
        • Fix Version/s: 5.5.43
        • Component/s: Plugin - Audit
        • Labels:
        • Environment:
          Linux

          Description

          Audit plugin puts the user password in clear text on CREATE USER
          This might be a feature request, but as it is a security risk, I filled a bug.

          For reference, the mcafee plugin has the following config options:
          audit_password_masking_regex
          audit_password_masking_cmds
          https://github.com/mcafee/mysql-audit/wiki/Configuration

            Gliffy Diagrams

              Attachments

                Activity

                Hide
                Permalink
                holyfoot Alexey Botchkov added a comment -

                That problem is fixed in the Audit plugin v1.2.0.

                Show
                holyfoot Alexey Botchkov added a comment - That problem is fixed in the Audit plugin v1.2.0.

                  People

                  • Assignee:
                    holyfoot Alexey Botchkov
                    Reporter:
                    ivan.stoykov@skysql.com Stoykov
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: