Passwords can be written as plain text in SQL statements such as
SET PASSWORD, or statements that
If these statements are logged by the MySQL server as written,
such passwords become available to anyone with access to the
logs. This applies to the general query log, the slow query log,
and the binary log (see Section 5.2, “MySQL Server Logs”). To guard
against unwarranted exposure to log files, they should be
located in a directory that restricts access to only the server
and the database administrator.
Replication slaves store the password for the replication master
master.info file. Retrict this file
to be accessible only to the database administrator.
Database backups that include tables or log files containing passwords should be protected using a restricted access mode.