innobackupex logs plaintext password

Reported by Alexey Kopytov on 2011-03-05
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Percona XtraBackup
Medium
Valentine Gostev
1.6
Medium
Alexey Kopytov
2.0
Medium
Valentine Gostev

Bug Description

When a password for MySQL connection is specified with the --password option, innobackupex prints it in plaintext in the log.

$ ./innobackupex --password=secret /tmp
Version string '' contains invalid data; ignoring: '' at ./innobackupex line 1765.

InnoDB Backup Utility v1.5.1-xtrabackup; Copyright 2003, 2009 Innobase Oy.
All Rights Reserved.

This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.

110305 23:09:40 innobackupex: Starting mysql with options: --password='secret' --unbuffered --
110305 23:09:40 innobackupex: Connected to database with mysql child process (pid=31889)

Changed in percona-xtrabackup:
assignee: nobody → Valentine Gostev (core-longbow)
Changed in percona-xtrabackup:
milestone: none → 1.7
Changed in percona-xtrabackup:
importance: Undecided → Medium
Changed in percona-xtrabackup:
status: New → Fix Committed
Changed in percona-xtrabackup:
assignee: Valentine Gostev (core-longbow) → nobody
Stewart Smith (stewart) on 2011-05-20
Changed in percona-xtrabackup:
assignee: nobody → Valentine Gostev (longbow)
Stewart Smith (stewart) on 2011-06-12
Changed in percona-xtrabackup:
status: Fix Committed → Fix Released
Alexey Kopytov (akopytov) wrote :

Bug #886069 was marked as a duplicate of this one.

Alexey Kopytov (akopytov) wrote :

Targeting to 1.6 series as well, since the bug was fixed in the 1.7 tree when that tree was intended to be the next _minor_ release. Since the final stable 1.7 release is still months away, we should consider a backport for 1.6.4.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers