Chapter 6 Security

6.1.2.3 Passwords and Logging密码和日志记录

Passwords can be written as plain text in SQL statements such as CREATE USER, GRANT and SET PASSWORD. If such statements are logged by the MySQL server as written, passwords in them become visible to anyone with access to the logs.密码可以在SQL语句中以纯文本形式编写，如CREATE USER、GRANT和SET PASSWORD。如果MySQL服务器按原样记录了这些语句，则任何有权访问日志的人都可以看到其中的密码。

~~Statement logging avoids writing passwords as cleartext for the following statements:~~语句日志记录避免将以下语句的密码以明文形式写入：

CREATE USER ... IDENTIFIED BY ...
ALTER USER ... IDENTIFIED BY ...
SET PASSWORD ...
START SLAVE ... PASSWORD = ...
START REPLICA ... PASSWORD = ...
CREATE SERVER ... OPTIONS(... PASSWORD ...)
ALTER SERVER ... OPTIONS(... PASSWORD ...)

~~Passwords in those statements are rewritten to not appear literally in statement text written to the general query log, slow query log, and binary log. Rewriting does not apply to other statements.~~ 这些语句中的密码被重写，以使其不会出现在写入通用查询日志、慢速查询日志和二进制日志的语句文本中。重写不适用于其他语句。In particular, INSERT or UPDATE statements for the mysql.user system table that refer to literal passwords are logged as is, so you should avoid such statements. (Direct modification of grant tables is discouraged, anyway.)特别是，mysql.user系统表中引用文字密码的INSERT或UPDATE语句按原样记录，因此您应该避免使用此类语句。（无论如何，不建议直接修改拨款表。）

~~For the general query log, password rewriting can be suppressed by starting the server with the --log-raw option.~~ 对于常规查询日志，可以通过使用--log-raw选项启动服务器来抑制密码重写。~~For security reasons, this option is not recommended for production use. For diagnostic purposes, it may be useful to see the exact text of statements as received by the server.~~出于安全原因，不建议将此选项用于生产环境。出于诊断目的，查看服务器接收到的语句的确切文本可能很有用。

By default, contents of audit log files produced by the audit log plugin are not encrypted and may contain sensitive information, such as the text of SQL statements. For security reasons, audit log files should be written to a directory accessible only to the MySQL server and to users with a legitimate reason to view the log. 默认情况下，审计日志插件生成的审计日志文件的内容未加密，可能包含敏感信息，如SQL语句的文本。出于安全原因，审计日志文件应写入仅MySQL服务器和有合法理由查看日志的用户可访问的目录。~~See Section 6.4.5.3, “MySQL Enterprise Audit Security Considerations”.~~请参阅第6.4.5.3节，“MySQL企业审计安全注意事项”。

~~Statements received by the server may be rewritten if a query rewrite plugin is installed (see Query Rewrite Plugins).~~ 如果安装了查询重写插件，服务器接收到的语句可能会被重写（请参阅查询重写插件）。~~In this case, the --log-raw option affects statement logging as follows:~~在这种情况下，--log-raw选项对语句日志记录的影响如下：

~~Without --log-raw, the server logs the statement returned by the query rewrite plugin.~~ 如果没有--log-raw，服务器会记录查询重写插件返回的语句。~~This may differ from the statement as received.~~这可能与收到的声明不同。
~~With --log-raw, the server logs the original statement as received.~~使用--log-raw，服务器会记录收到的原始语句。

An implication of password rewriting is that statements that cannot be parsed (due, for example, to syntax errors) are not written to the general query log because they cannot be known to be password free. 密码重写的一个含义是，无法解析的语句（例如，由于语法错误）不会写入通用查询日志，因为它们不可能是无密码的。~~Use cases that require logging of all statements including those with errors should use the --log-raw option, bearing in mind that this also bypasses password rewriting.~~需要记录所有语句（包括有错误的语句）的用例应使用--log-law选项，记住这也绕过了密码重写。

Password rewriting occurs only when plain text passwords are expected. For statements with syntax that expect a password hash value, no rewriting occurs. If a plain text password is supplied erroneously for such syntax, the password is logged as given, without rewriting.密码重写仅在需要纯文本密码时发生。对于语法要求密码哈希值的语句，不会发生重写。如果为这种语法错误地提供了纯文本密码，则密码将按给定记录，而不会重写。

To guard log files against unwarranted exposure, locate them in a directory that restricts access to the server and the database administrator. If the server logs to tables in the mysql database, grant access to those tables only to the database administrator.为了保护日志文件免受不必要的暴露，请将它们放置在限一致性务器和数据库管理员访问的目录中。如果服务器登录到mysql数据库中的表，则仅授予数据库管理员访问这些表的权限。

~~Replicas store the password for the replication source server in their connection metadata repository, which by default is a table in the mysql database named slave_master_info.~~ 副本将复制源服务器的密码存储在其连接元数据存储库中，默认情况下，该存储库是mysql数据库中名为slave_master_info的表。~~The use of a file in the data directory for the connection metadata repository is now deprecated, but still possible (see Section 17.2.4, “Relay Log and Replication Metadata Repositories”).~~ 现在不推荐在数据目录中使用文件作为连接元数据存储库，但仍然可以（请参阅第17.2.4节，“中继日志和复制元数据存储库”）。~~Ensure that the connection metadata repository can be accessed only by the database administrator.~~ 确保连接元数据存储库只能由数据库管理员访问。An alternative to storing the password in the connection metadata repository is to use the START REPLICA | SLAVE or START GROUP_REPLICATION statement to specify credentials for connecting to the source.在连接元数据存储库中存储密码的另一种方法是使用START REPLICA | SLAVE或START GROUP_REPLICATION语句指定连接到源的凭据。

~~Use a restricted access mode to protect database backups that include log tables or log files containing passwords.~~使用受限访问模式保护包含包含密码的日志表或日志文件的数据库备份。