mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-13 14:58:15 +02:00
Code Issues Projects Releases Packages Wiki Activity
mariadb/mysql-test/suite/plugins/r/server_audit_pwd_mask.result
Oleksandr Byelkin 0ea19c12fd MDEV-35507 ed25519 authentication plugin create user statement trigger plain text password in audit log 
Mask also all cases of "password(PWD" in CREATE/ALTER USER and GRANT.
(minimal fix)
2024-11-27 19:45:33 +01:00

22 lines
906 B
Text
Raw Permalink Blame History

install plugin ed25519 soname 'auth_ed25519';
install plugin server_audit soname 'server_audit';
set global server_audit_file_path='server_audit.log';
set global server_audit_output_type=file;
set global server_audit_logging=on;
# unsafe to log passwords (pwd-123)
CREATE USER u1 IDENTIFIED BY 'pwd_123';
create user u2 IDENTIFIED VIA ed25519 USING PASSWORD('pwd_123');
SET PASSWORD FOR u1 = PASSWORD('pwd_123');
ALTER USER u1 IDENTIFIED BY 'pwd_123';
alter user u2 identified VIA ed25519 USING password('pwd_123');
GRANT ALL ON test TO u1 IDENTIFIED BY "pwd_123";
GRANT ALL ON test TO u1 identified VIA ed25519 as password('pwd_123') or ed25519 using password('pwd_123');
# pattern should not be found
NOT FOUND /pwd_123/ in server_audit.log
# pattern should not be found
# cleaunup
DROP USER u1;
DROP USER u2;
set global server_audit_logging=off;
UNINSTALL PLUGIN ed25519;
UNINSTALL PLUGIN server_audit;
Reference in a new issue View git blame Copy permalink