Bug #72158 Prevent logging of encryption functions
Submitted: 29 Mar 2014 10:09 Modified: 17 Aug 2014 12:31
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:5.6.17 OS:Any
Assigned to: CPU Architecture:Any
Tags: encryption, Security

[29 Mar 2014 10:09] Daniël van Eeden
MySQL tries to prevent passwords from being logged in the client history and other files. But it doesn't prevent logging of the key which was used for AES encryption.


How to repeat:
Use the AES encryption function and see what's in the logs.

Suggested fix:
Prevent logging of the AES function.
[30 Mar 2014 19:03] Umesh Shastry
Hello Daniel,

Thank you for the bug report.
Verified as described.

[17 Aug 2014 12:31] Daniël van Eeden
added tags