hhf/MySQLTuner-perl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #514 from grooverdan/mdb10.4-secure-users

Browse source 
secure users MariaDB-10.4+ / MySQL auth socket
This commit is contained in:
Jean-Marie Renouard 2020-12-08 08:30:23 +01:00 committed by GitHub
commit aac1ab2b4d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
mysqltuner.pl
View file

@ -1808,13 +1808,17 @@ sub security_recommendations {
}
# Looking for Empty Password
if ( mysql_version_ge( 5, 5 ) ) {
if ( mysql_version_ge(10, 4) ) {
@mysqlstatlist = select_array
"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL) AND plugin NOT IN ('unix_socket', 'win_socket', 'auth_pam_compat')";
q{SELECT CONCAT(user, '@', host) FROM mysql.global_priv WHERE
JSON_CONTAINS(Priv, '"mysql_native_password"', '$.plugin') AND JSON_CONTAINS(Priv, '""', '$.authentication_string')
AND NOT JSON_CONTAINS(Priv, 'true', '$.account_locked')};
}
else {
@mysqlstatlist = select_array
"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL)";
"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL)
/*!50501 AND plugin NOT IN ('auth_socket', 'unix_socket', 'win_socket', 'auth_pam_compat') */
/*!80000 AND account_locked = 'N' AND password_expired = 'N' */";
}
if (@mysqlstatlist) {
foreach my $line ( sort @mysqlstatlist ) {