mysql: mysqld creates world readable logs..

[monty () MONTY PP SCI FI (Michael Widenius)]

> > > > > "Mike" == Mike Uttech <mike-uttech () Usinternet com> writes:

Mike> On three systems that we have looked at, mysqld creates a world readable
Mike> log file that contains the passwords for the users if they were INSERT'd
Mike> into the user database.  If you chmod the log files to 600, it will keep
Mike> them at 600 even if you restart mysqld.  If you remove the logfile, then
Mike> restart mysqld it will recreate the logfile with 644.

Mike> [zipoff data]# cat *.log | grep PASSWORD
Mike> 981225 22:50:58    371 Query     INSERT INTO user (host,user,password)
Mike> VALUES('localhost','zipoff',PASSWORD('th1si5acrypt1cpa55w0rd'))

Hi!

This is a known misfeature in MySQL 3.21;  This if fixed in MySQL 3.22

Regards,
Monty