Is it possible to hide the password in MySQL General/Slow Query Logs?

Question

Sometimes I look through my MySQL logs and I stumble upon some AES_ENCRYPT/AES_DECRYPT requests showing the password in plaintext.

If I create the logs inside PHP I would be able to delete them.

But what about MySQL general/slow query logs. Is their an option available or is it possible to set a mySQL variable that won't be saved in the logs?

Answer 1

Unfortunately, I know of no way to disable MySQL logging for individual statements. The MySQL documentation advises to keep the logs secured for this reason:

From 5.2.3. The General Query Log

As of MySQL 5.6.3, passwords in statements written to the general query log are rewritten by the server not to occur literally in plain text. Password rewriting can be suppressed for the general query log by starting the server with the --log-raw option. This option may be useful for diagnostic purposes, to see the exact text of statements as received by the server, but for security reasons is not recommended for production use.

Before MySQL 5.6.3, passwords in statements are not rewritten and the general query log should be protected. See Section 6.1.2.2, “Administrator Guidelines for Password Security”.

Unfortunately, that (since 5.6.3) inbuilt anti-password-logging goes only for the MySQL PASSWORD() function.

I see a few possible solutions for your problem:

1. For each query: disable the log, execute the query, enable the log
2. Hash the password in your application itself (in your case, php sha)
3. Secure the logfiles so noone can see the statements
4. Log towards an application that removes the passwords itself