Rechercher dans le manuel MySQL
6.1.2.3 Passwords and Logging
Passwords can be written as plain text in SQL statements such as
CREATE USER
,
GRANT
and
SET PASSWORD
. If such statements
are logged by the MySQL server as written, passwords in them
become visible to anyone with access to the logs.
Statement logging avoids writing passwords as cleartext for the following statements:
Passwords in those statements are rewritten to not appear
literally in statement text written to the general query log,
slow query log, and binary log. Rewriting does not apply to
other statements. In particular,
INSERT
or
UPDATE
statements for the
mysql.user
system table that refer to literal
passwords are logged as is, so you should avoid such statements.
(Direct modification of grant tables is discouraged, anyway.)
For the general query log, password rewriting can be suppressed
by starting the server with the
--log-raw
option. For security
reasons, this option is not recommended for production use. For
diagnostic purposes, it may be useful to see the exact text of
statements as received by the server.
By default, contents of audit log files produced by the audit log plugin are not encrypted and may contain sensitive information, such as the text of SQL statements. For security reasons, audit log files should be written to a directory accessible only to the MySQL server and to users with a legitimate reason to view the log. See Section 6.4.5.3, “MySQL Enterprise Audit Security Considerations”.
Statements received by the server may be rewritten if a query
rewrite plugin is installed (see
Query Rewrite Plugins). In this case, the
--log-raw
option affects
statement logging as follows:
An implication of password rewriting is that statements that
cannot be parsed (due, for example, to syntax errors) are not
written to the general query log because they cannot be known to
be password free. Use cases that require logging of all
statements including those with errors should use the
--log-raw
option, bearing in mind
that this also bypasses password rewriting.
Password rewriting occurs only when plain text passwords are expected. For statements with syntax that expect a password hash value, no rewriting occurs. If a plain text password is supplied erroneously for such syntax, the password is logged as given, without rewriting.
To guard log files against unwarranted exposure, locate them in
a directory that restricts access to the server and the database
administrator. If the server logs to tables in the
mysql
database, grant access to those tables
only to the database administrator.
Replication slaves store the password for the replication master
in the master info repository, which by default is a table in
the mysql
database named
slave_master_info
. The use of a file in the
data directory for the master info repository is now deprecated,
but still possible (see
Section 17.2.4, “Replication Relay and Status Logs”). Ensure that the master
info repository can be accessed only by the database
administrator. An alternative to storing the password in the
master info repository is to use the START
SLAVE
statement to specify credentials for connecting
to the master.
Use a restricted access mode to protect database backups that include log tables or log files containing passwords.
Document created the 26/06/2006, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/mysql-rf-password-logging.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.