0

(Note: I haven't used MariaDB. I'm only doing research at this point.)

I read MariaDB's TDE / data-at-rest encryption support. In its Limitations section it states, "The MariaDB error log is not encrypted. The error log can contain query text and data in some cases..."

I'm assuming that statement implies query errors that might contain a date of birth (DOB) will be plainly written in the error log. If so, what are the workarounds in order to keep the errors logs secure? If the solution is handling encryption in syslog, would you please explain the process?

In addition, are there any other points listed in the Limitations that a new user like myself should be aware of? I am not familiar with MariaDB's intricacies.

Thanks.

Vahid Pazirandeh
  • 1,552
  • 3
  • 13
  • 29

1 Answers1

1

Slow query log, general log and error log are not encrypted.

While slow query log and general log (see MDEV-9639) are usually not used in a production environment, the error log can contain in certain cases (like a server crash) SQL statements which might contain confidential data.

A solution would be to redirect the error log to syslog and to enable rsyslogd encrytion, More information can be found here:

Writing the Error Log to Syslog on Unix

Georg Richter
  • 5,970
  • 2
  • 9
  • 15