Description:
When executing CHANGE MASTER TO on MySQL 5.6 with either the MASTER_USER or MASTER_PASSWORD options, MySQL issues a warning (a "Note"):
Level: Note
Code: 1760
Message: Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.
This appears to suggest that "master.info" is insecure, which may lead the reader to believe that they should use master-info-repository=table instead of master-info-repository=file. However, this warning is issued when using *both* types of master info repository.
Also, the suggestion to "see the MySQL Manual" is so vague that it is impossible to know what specifically the user should do instead.
I believe the intent of this warning is to suggest that the user use the USER and PASSWORD arguments to START SLAVE instead of using MASTER_USER or MASTER_PASSWORD with CHANGE MASTER TO in the first place.
How to repeat:
SET GLOBAL master_info_repository='table';
change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G
SET GLOBAL master_info_repository='file';
change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G
mysql 5.6.10-log (root) [test]> SET GLOBAL master_info_repository='table';
Query OK, 0 rows affected (0.00 sec)
mysql 5.6.10-log (root) [test]> change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G
SET GLOBAL master_info_repository='file';
change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
show warnings\G
Query OK, 0 rows affected, 2 warnings (0.06 sec)
mysql 5.6.10-log (root) [test]> show warnings\G
*************************** 1. row ***************************
Level: Note
Code: 1759
Message: Sending passwords in plain text without SSL/TLS is extremely insecure.
*************************** 2. row ***************************
Level: Note
Code: 1760
Message: Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.
2 rows in set (0.00 sec)
mysql 5.6.10-log (root) [test]>
mysql 5.6.10-log (root) [test]> SET GLOBAL master_info_repository='file';
Query OK, 0 rows affected (0.01 sec)
mysql 5.6.10-log (root) [test]> change master to master_host='127.0.0.1', master_port=4001, master_auto_position=1, master_user='root', master_password='';
Query OK, 0 rows affected, 2 warnings (0.05 sec)
mysql 5.6.10-log (root) [test]> show warnings\G
*************************** 1. row ***************************
Level: Note
Code: 1759
Message: Sending passwords in plain text without SSL/TLS is extremely insecure.
*************************** 2. row ***************************
Level: Note
Code: 1760
Message: Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.
2 rows in set (0.00 sec)
Suggested fix:
This Note should be re-written to use this form instead:
Storing MySQL user name or password information in the master info repository (either TABLE or FILE) is not secure and is therefore not recommended. Please consider using the USER and PASSWORD arguments to START SLAVE instead.
Including a reference to a specific section of the MySQL Reference Manual, by name, would also be helpful.
