Commit
Support mysql_clear_password auth switch. Fixes #268
For safety, sending the password in cleartext requires a secure connection.
74cdcba
@bgrainger IsSecureConnection may be a bit misleading of a name for this.

No password, hashed or unhashed, should be sent over an untrusted, unencrypted connection. An eavesdropper that collects a hashed password could easily use a modified connector to gain access to the database if their IP was permitted.

Maybe AllowClearTextPassword or something along those lines would be better?

74cdcba
I've already improved this in 959ae7c (before I saw your comment).

The intent of the variable (which is now a field on MySqlSession) is to capture whether the current connection is actually secure. Only if it's true will the password be sent in clear text. If that's still unclear, I would like to improve it so it's not confusing.

Like I said on #268, we could require "opt in" by requiring a new AllowClearTextPassword=true connection string setting. I could be wrong, but I felt that a malicious proxy that MITMs the SSL connection in order to trick the client into negotiating mysql_clear_password is a low risk.

I'm not sure I completely understand what you're suggesting here, because the "default" MySQL connection sends a hashed password (secure mysql_native_password or insecure mysql_old_password (which we don't support)) over an unencrypted connection.
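
The gate discussed in this thread, sketched at the protocol level as an added example; it is not code from this commit or from the connector. The function names, the `is_secure` parameter (standing in for the connection's TLS state) and the sample packets are assumptions made for illustration.

```python
import hashlib

AUTH_SWITCH_REQUEST = 0xFE  # first payload byte of a MySQL AuthSwitchRequest


class InsecureAuthError(Exception):
    """Raised when a requested plugin would expose the password."""


def parse_auth_switch(payload: bytes) -> tuple[str, bytes]:
    """Split an AuthSwitchRequest payload into (plugin name, plugin data)."""
    if not payload or payload[0] != AUTH_SWITCH_REQUEST:
        raise ValueError("not an AuthSwitchRequest")
    name, sep, data = payload[1:].partition(b"\x00")
    if not sep:
        raise ValueError("plugin name is not NUL-terminated")
    return name.decode("ascii"), data


def native_password_response(password: str, scramble: bytes) -> bytes:
    """mysql_native_password reply: SHA1(pw) XOR SHA1(scramble + SHA1(SHA1(pw)))."""
    stage1 = hashlib.sha1(password.encode()).digest()
    stage2 = hashlib.sha1(stage1).digest()
    mask = hashlib.sha1(scramble + stage2).digest()
    return bytes(a ^ b for a, b in zip(stage1, mask))


def auth_switch_response(payload: bytes, password: str, is_secure: bool) -> bytes:
    """Build the reply to an auth switch (hypothetical helper).

    is_secure is an assumption: the caller's record of whether TLS is active.
    """
    plugin, data = parse_auth_switch(payload)
    if plugin == "mysql_clear_password":
        # The password itself goes on the wire, so refuse without TLS.
        if not is_secure:
            raise InsecureAuthError("mysql_clear_password requires a secure connection")
        return password.encode() + b"\x00"
    if plugin == "mysql_native_password":
        # The scramble is 20 bytes; servers append a trailing NUL after it.
        return native_password_response(password, data[:20])
    raise ValueError(f"unsupported auth plugin: {plugin}")


# Constructed sample packets (not captured traffic).
CLEAR_SWITCH = b"\xfemysql_clear_password\x00"
NATIVE_SWITCH = b"\xfemysql_native_password\x00" + bytes(range(1, 21)) + b"\x00"
```

The check runs on the client after the server names the plugin, so a server or proxy requesting `mysql_clear_password` over an unencrypted connection gets an error instead of the password.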