Passwords can be written as plain text in SQL statements such as
CREATE USER
,
GRANT
, SET
PASSWORD
, and statements that invoke the
PASSWORD()
function. If such
statements are logged by the MySQL server as written, passwords
in them become visible to anyone with access to the logs. This
applies to the general query log, the slow query log, and the
binary log (see Section 5.4, “MySQL Server Logs”).
Contents of the audit log file produced by the audit log plugin are not encrypted. For security reasons, this file should be written to a directory accessible only to the MySQL server and users with a legitimate reason to view the log. See Section 6.4.2.2, “MySQL Enterprise Audit Security Considerations”.
To guard log files against unwarranted exposure, locate them in
a directory that restricts access to the server and the database
administrator. If the server logs to tables in the
mysql
database, grant access to those tables
only to the database administrator.
Replication slaves store the password for the replication master
in the master.info
file. Restrict this file
to be accessible only to the database administrator.
Use a restricted access mode to protect database backups that include log tables or log files containing passwords.