Re: 534dda1234b: MDEV-35522: MariaDB Audit does not detect all DCLs forms when masking password
Hi, Oleksandr, Ok to push. But do you no longer delete server_audit.log after the test? On Dec 02, Oleksandr Byelkin wrote:
revision-id: 534dda1234b (mariadb-10.5.27-64-g534dda1234b) parent(s): fdb6db6b47f author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2024-11-29 11:45:01 +0100 message:
MDEV-35522: MariaDB Audit does not detect all DCLs forms when masking password
1. skip OR REPLACE (to make it filter_query_type made recursive)
2. skip SET STATEMENT ... FOR before checking statements with passwords
diff --git a/mysql-test/suite/plugins/t/server_audit_pwd_mask.test b/mysql-test/suite/plugins/t/server_audit_pwd_mask.test --- a/mysql-test/suite/plugins/t/server_audit_pwd_mask.test +++ b/mysql-test/suite/plugins/t/server_audit_pwd_mask.test --echo # cleaunup +DROP SERVER s1; DROP USER u1; DROP USER u2; set global server_audit_logging=off; ---remove_file $SEARCH_FILE +##--remove_file $SEARCH_FILE
why?
--disable_warnings UNINSTALL PLUGIN ed25519; UNINSTALL PLUGIN server_audit; --enable_warnings
Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org
Hi! Yes I just forgot restore the line after experimenting (fixed) On Mon, Dec 2, 2024 at 2:28 PM Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Oleksandr,
Ok to push. But do you no longer delete server_audit.log after the test?
revision-id: 534dda1234b (mariadb-10.5.27-64-g534dda1234b) parent(s): fdb6db6b47f author: Oleksandr Byelkin committer: Oleksandr Byelkin timestamp: 2024-11-29 11:45:01 +0100 message:
MDEV-35522: MariaDB Audit does not detect all DCLs forms when masking
On Dec 02, Oleksandr Byelkin wrote: password
1. skip OR REPLACE (to make it filter_query_type made recursive)
2. skip SET STATEMENT ... FOR before checking statements with passwords
diff --git a/mysql-test/suite/plugins/t/server_audit_pwd_mask.test
b/mysql-test/suite/plugins/t/server_audit_pwd_mask.test
--- a/mysql-test/suite/plugins/t/server_audit_pwd_mask.test +++ b/mysql-test/suite/plugins/t/server_audit_pwd_mask.test --echo # cleaunup +DROP SERVER s1; DROP USER u1; DROP USER u2; set global server_audit_logging=off; ---remove_file $SEARCH_FILE +##--remove_file $SEARCH_FILE
why?
--disable_warnings UNINSTALL PLUGIN ed25519; UNINSTALL PLUGIN server_audit; --enable_warnings
Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org
participants (2)
-
Oleksandr Byelkin -
Sergei Golubchik