MariaDB Server / MDEV-8811

secure_auth in client/mysql.cc defaults to false

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.1.7
    • Fix Version/s: 10.1
    • Component/s: Scripts & Clients
    • Labels:
      None

      Description

      The secure_auth system variable default value has been changed to true in 10.1.7. However, this change has not been made in mysql.cc - it still defaults to false there.

            Activity

            serg Sergei Golubchik added a comment -

            Why should it be changed in mysql client? It's an independent option with its own semantics. It should not be automatically changed if we change the default value of server's secure-auth option.

            I mean, we can change it, of course, but this would need a better reasoning than “the server has it changed.”

            greenman Ian Gilfillan added a comment -

            It was changed in MySQL 5.6 in 2012 at the same time as sql-common/client.c ( https://github.com/mysql/mysql-server/commit/ef3723981ccfde6f0db416df56f3e7460f5d15aa ). That's an observation, not a reason, but if the intention is to make sure no one is unknowingly using the old, insecure, pre MySQL 4.1 hashes, and nudge them towards updating them if they are, I don't see why we would want to keep a different default for the mysql client when it's been changed everywhere else.
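An added example, not part of the issue or of MariaDB's code: a small audit that flags accounts still stored with pre-4.1 hashes, which are the accounts the comment above is concerned about. It assumes rows exported from `mysql.user` as `(user, host, plugin, hash)` tuples; the sample rows are constructed, and the function names are hypothetical.

```python
import re

# Stored hash formats: pre-4.1 is 16 hex characters,
# 4.1+ native is '*' followed by 40 hex characters.
OLD_HASH = re.compile(r"[0-9a-fA-F]{16}")
NATIVE_HASH = re.compile(r"\*[0-9a-fA-F]{40}")

def classify(plugin, pw_hash):
    """Return 'old', 'native', 'empty', 'external' or 'unknown' for one account."""
    plugin = (plugin or "").strip().lower()
    pw_hash = (pw_hash or "").strip()
    if plugin == "mysql_old_password" or OLD_HASH.fullmatch(pw_hash):
        return "old"
    if not pw_hash:
        # No stored hash: either a passwordless account or one that
        # authenticates through a non-password plugin.
        if plugin in ("", "mysql_native_password"):
            return "empty"
        return "external"
    if NATIVE_HASH.fullmatch(pw_hash):
        return "native"
    return "unknown"

def audit(rows):
    """Group 'user@host' strings by hash class."""
    report = {}
    for user, host, plugin, pw_hash in rows:
        report.setdefault(classify(plugin, pw_hash), []).append(f"{user}@{host}")
    return report

# Constructed sample rows (not real accounts or real hashes).
SAMPLE_ROWS = [
    ("app", "10.0.0.%", "", "*" + "A1B2C3D4E5" * 4),
    ("legacy_report", "localhost", "", "0123456789abcdef"),
    ("batch", "%", "mysql_old_password", "fedcba9876543210"),
    ("anon", "localhost", "", ""),
    ("sock_admin", "localhost", "unix_socket", ""),
]

if __name__ == "__main__":
    for kind, accounts in sorted(audit(SAMPLE_ROWS).items()):
        print(f"{kind:8} {', '.join(accounts)}")
```

Accounts reported as `old` are the ones a client running with secure_auth enabled would refuse to authenticate until their passwords are reset to the 4.1+ format.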

            elenst Elena Stepanova added a comment -

            Assigning to Oleksandr Byelkin so it does not get forgotten.
            Sanja, please note Sergei's doubts above and check with him before making the actual change.


              People

              • Assignee:
                sanja Oleksandr Byelkin
              • Reporter:
                greenman Ian Gilfillan
              • Votes:
                0
              • Watchers:
                3
