Monitor user password encryption

187 views
Skip to first unread message

Tomas B.

unread,
Jan 25, 2018, 11:57:23 AM1/25/18
to proxysql
Hi,

we are evaluating the ProxySQL usage in our environment, and it seems that there is no way how to encrypt the password of the "monitor" user.
The procedure of loading the pwd into runtime and then save it back to MEM doesn't really work for this, so I assume it works only for users in the mysql_users table.

Would You please consider adding this encryption also for the monitor user and admin user?
The reason I'm asking is that the company doesn't allow storing any kind of passwords in the plain text anywhere, so I would have to find a workaround for this (admin user doesn't have as high priority as the monitor user for me).

Thank you very much and good luck to You and Your great piece of SW this proxy is :)

Tomas

René Cannaò

unread,
Jan 28, 2018, 2:01:07 PM1/28/18
to Tomas B., proxysql
Hi Tomas,

Passwords in mysql_users table are hashed as sha1(sha1(cleartext)).
ProxySQL cannot use these passwords unless a client connects to proxysql, and proxysql can use the handshake from the client to determine sha1(cleartext) and use that to connect to the backends.
For monitor, the story is different: proxysql cannot wait a client to connect to proxysql to decipher sha1(sha1(cleartext)) to obtain sha1(cleartext). ProxySQL should be able to monitor the backends without any client connected.

What would be possible, tho, is to store sha1(cleartext) in global_variables instead of cleartext .
That should work.
Can you please open a feature request?

Thanks

--
You received this message because you are subscribed to the Google Groups "proxysql" group.
To unsubscribe from this group and stop receiving emails from it, send an email to proxysql+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tomas B.

unread,
Jan 29, 2018, 3:08:25 AM1/29/18
to proxysql
Hello René,

the feature request has been opened

Thank you
To unsubscribe from this group and stop receiving emails from it, send an email to proxysql+u...@googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to proxysql+u...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages