Hi all,
I have been playing with mysql and postgresql roles and I have realized
that passwords appear clearly on scalarizr logs. They appear in this file:
(-rw-r--r--) /var/log/scalarizr_update.log
As you can see everybody can read this file, so everybody can see the
password clearly. I know that it doesn't appear the user, but somebody that
look for a little information about scalr, will find default scalr user for
databases.
Another file is the following:
(-rw-------) /var/log/scalarizr_debug.log
Here you can find logs like
"DEBUG - scalarizr.services.mysql - INSERT INTO mysql.user
VALUES('localhost','foo',PASSWORD('bar'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,
0,0,0,'','');"
I know that root can only read and write, but, is that secure?
Is there any way to deactivate logs for scalarizr from scalr server?
On the other hand, I am just trying to understand how replication works
with mysql and postgresql roles in aws. I have seen that when new slave
instance is launched, a snapshot is created and a new volume from this
snapshot is used for slave node. After this, how information is sent to the
slave? is it possible to write in master node when slave is launched? I
haven't seen any rsync or something like that. Could you explain me? I
tried to find something in your wiki but I did't get it.
Thanks in advance!!
--
You received this message because you are subscribed to the Google Groups
"scalr-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
