Skip to content

Commit e29b76f

Browse files
grooverdangrooverdan
committed
empty passwords - use exact user/host quoted
1 parent 0be85cb commit e29b76f

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

mysqltuner.pl

+6-6
Original file line numberDiff line numberDiff line change
@@ -1846,14 +1846,14 @@ sub security_recommendations {
18461846
# Looking for Empty Password
18471847
if ( mysql_version_ge(10, 4) ) {
18481848
@mysqlstatlist = select_array
1849-
q{SELECT CONCAT(user, '@', host) FROM mysql.global_priv WHERE
1849+
q{SELECT CONCAT(QUOTE(user), '@', QUOTE(host)) FROM mysql.global_priv WHERE
18501850
user != ''
18511851
AND JSON_CONTAINS(Priv, '"mysql_native_password"', '$.plugin') AND JSON_CONTAINS(Priv, '""', '$.authentication_string')
18521852
AND NOT JSON_CONTAINS(Priv, 'true', '$.account_locked')};
18531853
}
18541854
else {
18551855
@mysqlstatlist = select_array
1856-
"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL)
1856+
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL)
18571857
AND user != ''
18581858
/*!50501 AND plugin NOT IN ('auth_socket', 'unix_socket', 'win_socket', 'auth_pam_compat') */
18591859
/*!80000 AND account_locked = 'N' AND password_expired = 'N' */";
@@ -1862,7 +1862,7 @@ sub security_recommendations {
18621862
foreach my $line ( sort @mysqlstatlist ) {
18631863
chomp($line);
18641864
badprint "User '" . $line . "' has no password set.";
1865-
push (@generalrec, "Set up a Secure Password for $line user: SET PASSWORD FOR '".(split /@/, $line)[0]."'\@'SpecificDNSorIp' = PASSWORD('secure_password');")
1865+
push (@generalrec, "Set up a Secure Password for $line user: SET PASSWORD FOR $line = PASSWORD('secure_password');")
18661866
}
18671867
}
18681868
else {
@@ -1882,12 +1882,12 @@ sub security_recommendations {
18821882

18831883
# Looking for User with user/ uppercase /capitalise user as password
18841884
@mysqlstatlist = select_array
1885-
"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE user != '' AND (CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(user) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(UPPER(user)) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(CONCAT(UPPER(LEFT(User, 1)), SUBSTRING(User, 2, LENGTH(User)))))";
1885+
"SELECT CONCAT(QUOTE(user), '\@', QUOTE(host)) FROM mysql.user WHERE user != '' AND (CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(user) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(UPPER(user)) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(CONCAT(UPPER(LEFT(User, 1)), SUBSTRING(User, 2, LENGTH(User)))))";
18861886
if (@mysqlstatlist) {
18871887
foreach my $line ( sort @mysqlstatlist ) {
18881888
chomp($line);
1889-
badprint "User '" . $line . "' has user name as password.";
1890-
push (@generalrec, "Set up a Secure Password for $line user: SET PASSWORD FOR '".(split /@/, $line)[0]."'\@'SpecificDNSorIp' = PASSWORD('secure_password');");
1889+
badprint "User " . $line . " has user name as password.";
1890+
push (@generalrec, "Set up a Secure Password for $line user: SET PASSWORD FOR $line = PASSWORD('secure_password');");
18911891
}
18921892
}
18931893

0 commit comments

Comments
 (0)