Percona XtraBackup moved to https://jira.percona.com/projects/PXB

innobackupex logs plaintext password

Bug #729843 reported by Alexey Kopytov on 2011-03-05

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
Percona XtraBackup moved to https://jira.percona.com/projects/PXB	Fix Released	Medium	Valentine Gostev	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 1.9.0
1.6	Fix Released	Medium	Alexey Kopytov	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 1.6.4
2.0	Fix Released	Medium	Valentine Gostev	Percona XtraBackup moved to https://jira.percona.com/projects/PXB 1.9.0

Bug Description

When a password for MySQL connection is specified with the --password option, innobackupex prints it in plaintext in the log.

$ ./innobackupex --password=secret /tmp
Version string '' contains invalid data; ignoring: '' at ./innobackupex line 1765.

This software is published under
the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.

110305 23:09:40 innobackupex: Starting mysql with options: --password='secret' --unbuffered --
110305 23:09:40 innobackupex: Connected to database with mysql child process (pid=31889)

Related branches

lp:~percona-dev/percona-xtrabackup/fix_729843

Merged into lp:percona-xtrabackup/2.0 at revision 254

Alexey Kopytov (community): Approve on 2011-04-29

lp:~akopytov/percona-xtrabackup/bug729843

Merged into lp:percona-xtrabackup/1.6 at revision 308

Stewart Smith (community): Approve on 2011-11-28

Revision history for this message

Baron Schwartz (baron-xaprb) wrote on 2011-03-14:

Patch here: https://gist.github.com/868772

Valentine Gostev (longbow) on 2011-04-26

Changed in percona-xtrabackup:
assignee:	nobody → Valentine Gostev (core-longbow)

Valentine Gostev (longbow) on 2011-04-29

Changed in percona-xtrabackup:
milestone:	none → 1.7

Valentine Gostev (longbow) on 2011-04-29

Changed in percona-xtrabackup:
importance:	Undecided → Medium

Valentine Gostev (longbow) on 2011-04-29

Changed in percona-xtrabackup:
status:	New → Fix Committed

Valentine Gostev (longbow) on 2011-05-05

Changed in percona-xtrabackup:
assignee:	Valentine Gostev (core-longbow) → nobody

Stewart Smith (stewart) on 2011-05-20

Changed in percona-xtrabackup:
assignee:	nobody → Valentine Gostev (longbow)

Stewart Smith (stewart) on 2011-06-12

Changed in percona-xtrabackup:
status:	Fix Committed → Fix Released

Revision history for this message

Alexey Kopytov (akopytov) wrote on 2011-11-04:

Bug #886069 was marked as a duplicate of this one.

Revision history for this message

Alexey Kopytov (akopytov) wrote on 2011-11-04:

Targeting to 1.6 series as well, since the bug was fixed in the 1.7 tree when that tree was intended to be the next _minor_ release. Since the final stable 1.7 release is still months away, we should consider a backport for 1.6.4.

Revision history for this message

Niyati (123niyati) wrote on 2015-03-31:

The plain text password is still been visible with CentOS/GNU Linux percona-xtrabackup 2.2.9 version with ps -ef command too.

no longer affects:

percona-xtrabackup (CentOS)

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-20:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXB-560

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #886069

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.