Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8811

secure_auth in client/mysql.cc defaults to false

        Details

        • Type: Bug
        • Status: Open
        • Priority: Major
        • Resolution: Unresolved
        • Affects Version/s: 10.1.7
        • Fix Version/s: 10.1
        • Component/s: Scripts & Clients
        • Labels:
          None

          Description

          The secure_auth system variable default value has been changed to true in 10.1.7. However, this change has not been made in mysql.cc - it still defaults to false there.

            Gliffy Diagrams

              Attachments

                Activity

                Ascending order - Click to sort in descending order
                Hide
                Permalink
                serg Sergei Golubchik added a comment -

                Why should it be changed in mysql client? It's an independent option with its own semantics. It should not be automatically changed if we change the default value of server's secure-auth option.

                I mean, we can change it, of course, but this would need a better reasoning than “the server has it changed.”

                Show
                serg Sergei Golubchik added a comment - Why should it be changed in mysql client? It's an independent option with its own semantics. It should not be automatically changed if we change the default value of server's secure-auth option. I mean, we can change it, of course, but this would need a better reasoning than “the server has it changed.”
                Hide
                Permalink
                greenman Ian Gilfillan added a comment -

                It was changed in MySQL 5.6 in 2012 at the same time as sql-common/client.c ( https://github.com/mysql/mysql-server/commit/ef3723981ccfde6f0db416df56f3e7460f5d15aa ). That's an observation, not a reason, but if the intention is to make sure no one is unknowingly using the old, insecure, pre MySQL 4.1 hashes, and nudge them towards updating them if they are, I don't see why we would want to keep a different default for the mysql client when it's been changed everywhere else.

                Show
                greenman Ian Gilfillan added a comment - It was changed in MySQL 5.6 in 2012 at the same time as sql-common/client.c ( https://github.com/mysql/mysql-server/commit/ef3723981ccfde6f0db416df56f3e7460f5d15aa ). That's an observation, not a reason, but if the intention is to make sure no one is unknowingly using the old, insecure, pre MySQL 4.1 hashes, and nudge them towards updating them if they are, I don't see why we would want to keep a different default for the mysql client when it's been changed everywhere else.
                Hide
                Permalink
                elenst Elena Stepanova added a comment -

                Assigning to Oleksandr Byelkin so it does not get forgotten.
                Sanja, please note Sergei's doubts above and check with him before making the actual change.

                Show
                elenst Elena Stepanova added a comment - Assigning to Oleksandr Byelkin so it does not get forgotten. Sanja, please note Sergei's doubts above and check with him before making the actual change.

                  People

                  • Assignee:
                    sanja Oleksandr Byelkin
                    Reporter:
                    greenman Ian Gilfillan
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                    Dates

                    • Created:
                      Updated: