Mask or hide password in output

Bug #886069 reported by BC
This bug report is a duplicate of:  Bug #729843: innobackupex logs plaintext password. Edit Remove
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraBackup moved to https://jira.percona.com/projects/PXB
New
Undecided
Unassigned

Bug Description

[In:The innobackupex Script]

The script displays the password in clear text in the output. This shouldn't be the case and the password should be removed or masked. In any case it should never be displayed or output at any point.

e.g.

innobackupex: Starting mysql with options: --password='somePassword' --user='mysql'

should be

innobackupex: Starting mysql with options: --password='************' --user='mysql'

Displaying clear text passwords in any sort of output or log is a security vulnerability and very rarely useful or wanted.

Tags: doc
BC (e-bc)
visibility: private → public
Revision history for this message
Alexey Kopytov (akopytov) wrote :

It's a duplicate of bug #729843. Fixed in the 1.7 tree. I've targeted that bug to 1.6 series as well.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.