sql/sql_rewrite.h · mysql-cluster-7.4.11 · Rasoul Jahanshahi / Mysql Server

Aug 17, 2011

WL#5706/Bug#11746378/Bug#25851: Passwords are visible in logs · a513d2b5

Tatjana Azundris Nuernberg authored Aug 17, 2011

Don't log queries as they come in; parse them first to see
what they're about. If they contain passwords, obfuscate
them. Then log (before query execution), so that general,
binary, and slow query log will not contain clear-text passwords.
--log-raw option disables this for general log (un-rewritten
queries will be logged, before parsing rather than after). Can
be extended to do any other rewriting.

a513d2b5

WL#5706/Bug#11746378/Bug#25851: Passwords are visible in logs

Tatjana Azundris Nuernberg authored Aug 17, 2011

Don't log queries as they come in; parse them first to see
what they're about. If they contain passwords, obfuscate
them. Then log (before query execution), so that general,
binary, and slow query log will not contain clear-text passwords.
--log-raw option disables this for general log (un-rewritten
queries will be logged, before parsing rather than after). Can
be extended to do any other rewriting.