TDengine icon indicating copy to clipboard operation
TDengine copied to clipboard
verified publisher icon taosdata

security issue :the ~/.taos_history file permission is 666,which is readable by everyuser

Open kerneltravel opened this issue 3 years ago • 1 comments

Bug Description

To Reproduce

stat  ~/.taos_history

Expected Behavior shoud not read by other people. or not record some sql in this file, e.g.: sql: alter user pass 'xxxx'; shoud not be recorded in .taos_hisrory file .

kerneltravel avatar Nov 22 '22 07:11 kerneltravel

thanks for your advice, we are fixing it

yu285 avatar Nov 25 '22 07:11 yu285

We adopted your second suggestion for record password in taos_history, and the product has been repaired. The first suggestion was not adopted because we thought it was not necessary after evaluation. Thank you for your advice.

DuanKuanJun avatar Dec 05 '22 10:12 DuanKuanJun