Comment 4 for bug 1574458

Revision history for this message
BCB (fdajkddcek) wrote : Re: [Bug 1574458] Re: Logs.var.log.mysql.error.log.txt contains usernames and passwords

I just checked the aprox 39 mysql-5.7 bug reports with xxx.error.log.txt
attached and did not see anymore.

I locked my report as my user name and a few random inserts were appeared
in the log.
"ssunderlin"
"Stephen Sunderlin"

If you can remove/replace/ or just delete that error log you can make my
report public again.

https://i255940206.restricted.launchpadlibrarian.net/255940206/Logs.var.log.mysql.error.log.txt?token=vjZn2FHWMBn7TDH8QfsM7fBf9Xccw9sv

Thank you.

On Tue, Apr 26, 2016 at 4:28 AM, Lars Tangvald <email address hidden>
wrote:

> Verified on MySQL 5.7; Password logging should follow the rules
> specified on https://dev.mysql.com/doc/refman/5.7/en/password-
> logging.html, but it seems it's not caught correctly when the grant
> statement fails. I'll send this upstream.
>
> The error log will contain usernames for failed logins, but I can't
> think of much else in the way of PII it would contain.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1574458
>
> Title:
> Logs.var.log.mysql.error.log.txt contains usernames and passwords
>
> Status in mariadb-10.0 package in Ubuntu:
> New
> Status in mariadb-5.5 package in Ubuntu:
> New
> Status in mysql-5.5 package in Ubuntu:
> New
> Status in mysql-5.6 package in Ubuntu:
> New
> Status in mysql-5.7 package in Ubuntu:
> New
>
> Bug description:
> Your automated bug reports are posting
> Logs.var.log.mysql.error.log.txt in clear text. These logs may
> contain PII as well as user credentials.
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/mariadb-10.0/+bug/1574458/+subscriptions
>