php – 是否可以在MySQL常规/慢速查询日志中隐藏密码?

前端之家收集整理的这篇文章主要介绍了php – 是否可以在MySQL常规/慢速查询日志中隐藏密码?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

有时我查看我的MySQL日志,我偶然发现了一些显示明文密码的AES_ENCRYPT/AES_DECRYPT个请求.

如果我在PHP中创建日志,我将能够delete.

但是MySQL general/slow query logs呢.他们的选项是可用的,还是可以设置一个不会保存在日志中的@R_404_198@变量?

最佳答案
不幸的是,我知道无法为单个语句禁用@R_404_198@日志记录. @R_404_198@文档建议保持日志安全,原因如下:

5.2.3. The General Query Log

As of @R_404_198@ 5.6.3,passwords in statements written to the general
query log are rewritten by the server not to occur literally in plain
text. Password rewriting can be suppressed for the general query log
by starting the server with the –log-raw option. This option may be
useful for diagnostic purposes,to see the exact text of statements as
received by the server,but for security reasons is not recommended
for production use.

Before @R_404_198@ 5.6.3,passwords in statements are not rewritten and the
general query log should be protected. See Section 6.1.2.2,
“07001”.

不幸的是,(自5.6.3开始)内置的反密码日志记录仅适用于@R_404_198@ PASSWORD()函数.

我为您的问题找到了一些可能的解决方案:

>对于每个查询:禁用日志,执行查询,启用日志
>在应用程序本身中隐藏密码(在您的情况下,PHP sha)
>保护日志文件,以便没有人能看到这些语句
>登录删除密码本身的应用程序

猜你在找的MySQL相关文章