Skip to content

Commit

Permalink
Fix for MySQL 5.7 password crash
Browse files Browse the repository at this point in the history
  • Loading branch information
@pmachapman
pmachapman committed Jan 14, 2016
1 parent e0f1438 commit 0405751
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion MySQLTuner/TuningCalculator.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -467,9 +467,22 @@ private void CheckStorageEngines()
/// Display some security recommendations.
/// </summary>
[SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", Justification = "This only supports english")]
[SuppressMessage("Microsoft.Security", "CA2100:Review SQL queries for security vulnerabilities", Justification = "The value in the query is generated by the program")]
private void SecurityRecommendations()
{
string sql = "SELECT CONCAT(user, '@', host) AS `username` FROM mysql.user WHERE password = '' OR password IS NULL ORDER BY `username`";
// Get the name of the password column
string passwordColumnName;
if (this.Server.Version.Major > 5 || (this.Server.Version.Major == 5 && this.Server.Version.Minor >= 7))
{
passwordColumnName = "authentication_string";
}
else
{
passwordColumnName = "password";
}

// Find any users with no passwords
string sql = "SELECT CONCAT(user, '@', host) AS `username` FROM mysql.user WHERE " + passwordColumnName + " = '' OR " + passwordColumnName + " IS NULL ORDER BY `username`";
using (MySqlCommand command = new MySqlCommand(sql, this.Server.Connection))
{
using (MySqlDataReader reader = command.ExecuteReader())
Expand Down

0 comments on commit 0405751

Please sign in to comment.