Hey Adrian, Two things: - The update log should only have one key, which is a one-time key that is not used by MySQL, and is expired / revoked shortly after Scalarizr starts. Nonetheless, we'll shortly set the permissions to 600 on this log. - The debug log does have the MySQL password, but if someone can read it then they can subvert MySQL anyway. However, if having the password in the log makes you uncomfortable, you can truncate the log anyway.
Does this help? Cheers, -- Thomas | Product Manager @ Scalr | [email protected] | www.scalr.com | blog.scalr.com On Fri, Feb 20, 2015 at 5:23 AM, < [email protected]> wrote: > Hi all, > > I have been playing with mysql and postgresql roles and I have realized > that passwords appear clearly on scalarizr logs. They appear in this file: > > (-rw-r--r--) /var/log/scalarizr_update.log > > As you can see everybody can read this file, so everybody can see the > password clearly. I know that it doesn't appear the user, but somebody that > look for a little information about scalr, will find default scalr user for > databases. > > Another file is the following: > (-rw-------) /var/log/scalarizr_debug.log > > Here you can find logs like > > "DEBUG - scalarizr.services.mysql - INSERT INTO mysql.user > VALUES('localhost','foo',PASSWORD('bar'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0, > 0,0,0,'','');" > > I know that root can only read and write, but, is that secure? > > Is there any way to deactivate logs for scalarizr from scalr server? > > On the other hand, I am just trying to understand how replication works > with mysql and postgresql roles in aws. I have seen that when new slave > instance is launched, a snapshot is created and a new volume from this > snapshot is used for slave node. After this, how information is sent to the > slave? is it possible to write in master node when slave is launched? I > haven't seen any rsync or something like that. Could you explain me? I > tried to find something in your wiki but I did't get it. > > Thanks in advance!! > > > > > > -- > You received this message because you are subscribed to the Google Groups > "scalr-discuss" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "scalr-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
