6.1.2.3 Passwords and Logging

Passwords can be written as plain text in SQL statements such as CREATE USER, GRANT, and SET PASSWORD, or statements that invoke the PASSWORD() function. If these statements are logged by the MySQL server as written, such passwords become available to anyone with access to the logs. This applies to the general query log, the slow query log, and the binary log (see Section 5.2, “MySQL Server Logs”).

Contents of the audit log file produced by the audit log plugin are not encrypted. For security reasons, this file should be written to a directory accessible only to the MySQL server and users with a legitimate reason to view the log. See Section 6.3.11.2, “Audit Log Plugin Security Considerations”.

To guard against unwarranted exposure to log files, they should be located in a directory that restricts access to only the server and the database administrator. If you log to tables in the mysql database, access to the tables should never be granted to any nonadministrative accounts.

Replication slaves store the password for the replication master in the master.info file. Restrict this file to be accessible only to the database administrator.

Database backups that include tables or log files containing passwords should be protected using a restricted access mode.