| Bug #90017 | Keyring's obfuscate key is hardcoded | ||
|---|---|---|---|
| Submitted: | 12 Mar 2018 10:31 | Modified: | 13 Mar 2018 14:21 |
| Reporter: | Iwo P | Email Updates: | |
| Status: | Verified | Impact on me: | |
| Category: | MySQL Server: Pluggable Authentication | Severity: | S4 (Feature request) |
| Version: | 5.7 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
| Tags: | keyring | ||
[13 Mar 2018 14:21]
MySQL Verification Team
Hi, This is, indeed, a desirable feature request. Hence, it is verified as a feature request.
Description: Hi, Keyring's obfuscate key is hardcoded in a source code. It might be a good idea to have an option to define it via a configuration variable. ./plugin/keyring/common/keyring_key.cc 188: void Key::xor_data() 189: { 190: if (key == NULL) 191: return; 192: static const char *obfuscate_str="*305=Ljt0*!@$Hnm(*-9-w;:"; 193: for(uint i=0, l=0; i < key_len; ++i, l=((l+1) % strlen(obfuscate_str))) 194: key.get()[i]^= obfuscate_str[l]; 195: } How to repeat: - Suggested fix: Allow setting obfuscate string via a configuration variable.