Home/ Questions/Q 8382803
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T17:00:41+00:00

Sometimes I look through my MySQL logs and I stumble upon some AES_ENCRYPT/AES_DECRYPT requests

  • 0

Sometimes I look through my MySQL logs and I stumble upon some AES_ENCRYPT/AES_DECRYPT requests showing the password in plaintext.

If I create the logs inside PHP I would be able to delete them.

But what about MySQL general/slow query logs. Is their an option available or is it possible to set a mySQL variable that won’t be saved in the logs?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Unfortunately, I know of no way to disable MySQL logging for individual statements. The MySQL documentation advises to keep the logs secured for this reason:

    From 5.2.3. The General Query Log

    As of MySQL 5.6.3, passwords in statements written to the general
    query log are rewritten by the server not to occur literally in plain
    text. Password rewriting can be suppressed for the general query log
    by starting the server with the –log-raw option. This option may be
    useful for diagnostic purposes, to see the exact text of statements as
    received by the server, but for security reasons is not recommended
    for production use.

    Before MySQL 5.6.3, passwords in statements are not rewritten and the
    general query log should be protected. See Section 6.1.2.2,
    Administrator Guidelines for Password Security”.

    Unfortunately, that (since 5.6.3) inbuilt anti-password-logging goes only for the MySQL PASSWORD() function.

    I see a few possible solutions for your problem:

    1. For each query: disable the log, execute the query, enable the log
    2. Hash the password in your application itself (in your case, php sha)
    3. Secure the logfiles so noone can see the statements
    4. Log towards an application that removes the passwords itself
    • 0