Bug #68602 Note about "master.info repository" on CHANGE MASTER TO is misleading
Submitted: 7 Mar 2013 17:27 Modified: 28 Jun 2013 14:19
Reporter: Kolbe Kegel Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Errors Severity:S3 (Non-critical)
Version:5.6.10 OS:Any
Assigned to: CPU Architecture:Any

[7 Mar 2013 17:27] Kolbe Kegel
Description:
When executing CHANGE MASTER TO on MySQL 5.6 with either the MASTER_USER or MASTER_PASSWORD options, MySQL issues a warning (a "Note"):

  Level: Note
   Code: 1760
Message: Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.

This appears to suggest that "master.info" is insecure, which may lead the reader to believe that they should use master-info-repository=table instead of master-info-repository=file. However, this warning is issued when using *both* types of master info repository.

Also, the suggestion to "see the MySQL Manual" is so vague that it is impossible to know what specifically the user should do instead.

I believe the intent of this warning is to suggest that the user use the USER and PASSWORD arguments to START SLAVE instead of using MASTER_USER or MASTER_PASSWORD with CHANGE MASTER TO in the first place.

How to repeat:
SET GLOBAL master_info_repository='table';
change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G

SET GLOBAL master_info_repository='file';
change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G

mysql 5.6.10-log (root) [test]> SET GLOBAL master_info_repository='table';
Query OK, 0 rows affected (0.00 sec)

mysql 5.6.10-log (root) [test]> change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G

SET GLOBAL master_info_repository='file';
change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G
Query OK, 0 rows affected, 2 warnings (0.06 sec)

mysql 5.6.10-log (root) [test]> show warnings\G
*************************** 1. row ***************************
  Level: Note
   Code: 1759
Message: Sending passwords in plain text without SSL/TLS is extremely insecure.
*************************** 2. row ***************************
  Level: Note
   Code: 1760
Message: Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.
2 rows in set (0.00 sec)

mysql 5.6.10-log (root) [test]>
mysql 5.6.10-log (root) [test]> SET GLOBAL master_info_repository='file';
Query OK, 0 rows affected (0.01 sec)

mysql 5.6.10-log (root) [test]> change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
Query OK, 0 rows affected, 2 warnings (0.05 sec)

mysql 5.6.10-log (root) [test]> show warnings\G
*************************** 1. row ***************************
  Level: Note
   Code: 1759
Message: Sending passwords in plain text without SSL/TLS is extremely insecure.
*************************** 2. row ***************************
  Level: Note
   Code: 1760
Message: Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.
2 rows in set (0.00 sec)

Suggested fix:
This Note should be re-written to use this form instead:

Storing MySQL user name or password information in the master info repository (either TABLE or FILE) is not secure and is therefore not recommended. Please consider using the USER and PASSWORD arguments to START SLAVE instead.

Including a reference to a specific section of the MySQL Reference Manual, by name, would also be helpful.
[8 Mar 2013 11:07] Erlend Dahl
Thank you for the bug report.
[3 Apr 2013 20:28] Konstantin Osipov
Hit the same bug, wasted 15 minutes.
[28 Jun 2013 14:19] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

Same issue as BUG#68599 and fixed together with that bug in 5.6+ (5.6.13/5.7.2). See same for more info.

Closed.