Percona XtraBackup moved to https://jira.percona.com/projects/PXB

Mask or hide password in output

Bug #886069 reported by BC on 2011-11-04

This bug report is a duplicate of: Bug #729843: innobackupex logs plaintext password. Edit Remove

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Percona XtraBackup moved to https://jira.percona.com/projects/PXB	New	Undecided	Unassigned

Bug Description

[In:The innobackupex Script]

The script displays the password in clear text in the output. This shouldn't be the case and the password should be removed or masked. In any case it should never be displayed or output at any point.

e.g.

innobackupex: Starting mysql with options: --password='somePassword' --user='mysql'

should be

innobackupex: Starting mysql with options: --password='************' --user='mysql'

Displaying clear text passwords in any sort of output or log is a security vulnerability and very rarely useful or wanted.

Tags:

BC (e-bc) on 2011-11-04

visibility:

private → public

Revision history for this message

Alexey Kopytov (akopytov) wrote on 2011-11-04:

It's a duplicate of bug #729843. Fixed in the 1.7 tree. I've targeted that bug to 1.6 series as well.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #729843 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.