executor: remove sensitive information in slow-log ... (#18107) #18128

Merged
merged 8 commits into from
Jun 29, 2020


ti-srebot
Contributor

cherry-pick #18107 to release-3.0


Signed-off-by: crazycs520 crazycs520@gmail.com

What problem does this PR solve?

Before this PR, TiDB slow log will record sensitive information such as passwords in slow-log query.

This PR removes sensitive information in slow-log, such as below:

Execute the SQL below:

set tidb_slow_log_threshold=0;
create user u1 identified by "456789";
alter user 'u1'@'%' identified by 'abcd';
set password for 'u1'@'%' = 'abcsdafd';

The related slow-log will be:

create user {u1@% password = ***};
alter user {u1@% password = ***};
set password for user u1@%;

The related statement will be:

mysql>select query_sample_text from `STATEMENTS_SUMMARY` where query_sample_text like "set password%" or query_sample_text like "create user%" or query_sample_text like 'alter user%';
+-----------------------------------+
| query_sample_text                 |
+-----------------------------------+
| alter user {u1@% password = ***}  |
| create user {u1@% password = ***} |
| set password for user u1@%        |
+-----------------------------------+

What is changed and how it works?

Proposal: xxx

What's Changed:

How it Works:

Related changes

  • Need to cherry-pick to the release branch

Check List

Tests

  • Manual test (add detailed scripts or steps below)

Side effects

  • Performance regression
    • Consumes more CPU
    • Consumes more MEM
  • Breaking backward compatibility

Release note

  • Remove sensitive information in slow-log and statement.
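
The redaction described in this PR, sketched as an added example that is not TiDB's code: a regex-based filter applied to statement text before it is written to a log. `RedactSQL` and its patterns are hypothetical, and the output keeps the original statement shape rather than the `{u1@% password = ***}` form shown above; a parser-based redactor is more robust than pattern matching.

```go
package main

import (
	"fmt"
	"regexp"
)

// strLit matches one single- or double-quoted SQL string literal,
// including backslash escapes and doubled quotes inside it.
const strLit = `(?:'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*")`

var (
	// IDENTIFIED BY [PASSWORD] '<secret>' as used by CREATE USER / ALTER USER.
	identifiedBy = regexp.MustCompile(`(?is)(\bidentified\s+by\s+(?:password\s+)?)` + strLit)
	// SET PASSWORD [FOR user] = <anything>; everything after '=' is dropped.
	setPassword = regexp.MustCompile(`(?is)^(\s*set\s+password\b[^=]*=\s*).*$`)
)

// RedactSQL (hypothetical helper) returns a copy of stmt with password
// literals replaced by ***. It over-redacts rather than risk leaking.
func RedactSQL(stmt string) string {
	if setPassword.MatchString(stmt) {
		return setPassword.ReplaceAllString(stmt, "${1}***")
	}
	return identifiedBy.ReplaceAllString(stmt, "${1}***")
}

func main() {
	// The three statements from the PR description above.
	for _, q := range []string{
		`create user u1 identified by "456789";`,
		`alter user 'u1'@'%' identified by 'abcd';`,
		`set password for 'u1'@'%' = 'abcsdafd';`,
	} {
		fmt.Println(RedactSQL(q))
	}
}
```

Call the filter at every sink that persists statement text (slow log and statement summary in this PR's case), not only at one of them.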

@ti-srebot
Contributor Author

/run-all-tests

@CLAassistant

CLAassistant commented Jun 19, 2020

CLA assistant check
All committers have signed the CLA.

@crazycs520
Contributor

/run-all-tests

@kennytm
Contributor

kennytm commented Jun 19, 2020

LGTM, but you need to amend f34b470 to remove the author "cs" to fix CLA.

@qw4990 qw4990 removed their request for review June 28, 2020 02:49
Contributor

@qw4990 qw4990 left a comment

LGTM

@ti-srebot
Contributor Author

@qw4990, Thanks for your review.

@qw4990 qw4990 added the status/LGT2 Indicates that a PR has LGTM 2. label Jun 28, 2020
@crazycs520
Contributor

/run-all-tests

@crazycs520
Contributor

/rebuild

@qw4990
Contributor

qw4990 commented Jun 28, 2020

/rebuild

@crazycs520
Contributor

/run-all-tests

@qw4990
Contributor

qw4990 commented Jun 28, 2020

/rebuild

@qw4990 qw4990 modified the milestones: v3.0.16, v3.0.17 Jun 28, 2020
Signed-off-by: crazycs520 <crazycs520@gmail.com>
Signed-off-by: crazycs520 <crazycs520@gmail.com>
Signed-off-by: crazycs520 <crazycs520@gmail.com>
@crazycs520
Contributor

/run-all-tests

@ti-srebot
Contributor Author

@qw4990, Thanks for your review, however we are sorry that your vote won't be counted. You have already given an LGTM to this PR.

@zz-jason zz-jason changed the title executor: remove sensitive information in slow-log and statement (#18107) executor: remove sensitive information in slow-log ... (#18107) Jun 29, 2020
@zz-jason zz-jason merged commit 4cbe17a into pingcap:release-3.0 Jun 29, 2020
@qw4990 qw4990 modified the milestones: v3.0.17, v3.0.16 Jun 30, 2020
Labels
security Everything related with security sig/execution SIG execution sig/sql-infra SIG: SQL Infra status/LGT2 Indicates that a PR has LGTM 2. type/3.0-cherry-pick