[GH-ISSUE #1477] Annoying warning in error log with mysql DB #1163

Closed
opened 2026-02-27 11:15:38 +03:00 by kerem · 6 comments

Originally created by @niko-lay on GitHub (Apr 25, 2018).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1477

Impacted versions

  • Modoboa: 1.10.4
  • installer used: Yes
  • Webserver: Nginx

Steps to reproduce

Install modoboa with mysql, not mariadb. Set in installer.cfg

[database]
engine = mysql
host = 127.0.0.1
install = false

and provide root credentials

Current behavior

Each request to the database is accompanied with an annoying message in the logs
Apr 22 09:59:17 xxx dovecot: postlogin: Error: mysql: [Warning] Using a password on the command line interface can be insecure.

Expected behavior

No message about mysql error/warning

Is there any ability to remove this message? For example, I want to use mysql_config_editor, but I'm not sure if the proxy:mysql understands this setting

kerem 2026-02-27 11:15:38 +03:00
  • closed this issue
  • added the stale label

@tomcrus001 commented on GitHub (Oct 31, 2020):

Hey there.

As the database-credentials are already contained in Modoboa's configuration file settings.py, I'd suggest to add another command to manage.py e.g. update-last-login, which will do the database-query in turn.

This way the shell-script postlogin.sh currently being in charge of doing this isn't needed any more and therefore doesn't need to contain any username/password for accessing the database.

I'd also be willing to contribute this myself. I have some experience with Django, but as I just started using Modoboa I'm not sure what would be the best Django-app to include this, maybe the admin-app?


@tomcrus001 commented on GitHub (Oct 31, 2020):

Some background information about the warning itself can be found here: End-User Guidelines for Password Security (https://dev.mysql.com/doc/refman/8.0/en/password-security-user.html)

In short: the password given to mysql (or also any other DB-cli-tool) as command-line-parameter can possibly get seen by anybody who can see the process-list on the server. So this is a security-risk of leaking the database-password!
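
An added example, not part of the original comment or of Modoboa's code: it flags mysql arguments that put a password into the process list and builds the equivalent invocation that reads credentials from an owner-only option file instead. The file name `postlogin.cnf`, the sample credentials and the `SELECT 1` statement are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# Inline password forms the mysql client accepts: -pSECRET and --password=SECRET.
# A bare -p / --password only prompts, so nothing secret lands in argv.
PASSWORD_ARG = re.compile(r"^(?:-p.+|--password=.+)$")

# Constructed sample of a leaky invocation (all values are made up).
LEAKY = ["mysql", "-umodoboa", "-pS3cret-constructed", "-h127.0.0.1",
         "modoboa", "-e", "SELECT 1"]


def cli_password_args(argv):
    """Return the indexes of argv entries that expose a password to `ps`."""
    return [i for i, arg in enumerate(argv[1:], start=1) if PASSWORD_ARG.match(arg)]


def write_client_option_file(directory, user, password, host):
    """Write a [client] option file that only its owner can read."""
    path = os.path.join(directory, "postlogin.cnf")  # hypothetical file name
    # O_EXCL refuses a pre-existing file; 0o600 is applied at creation time.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        # The value is quoted so a '#' in it is not read as a comment start.
        fh.write(f'[client]\nuser={user}\npassword="{password}"\nhost={host}\n')
    return path


def mysql_argv(option_file, database, statement):
    """Build a mysql command line that carries no credentials."""
    # --defaults-extra-file has to be the first option on the command line.
    return ["mysql", f"--defaults-extra-file={option_file}", database, "-e", statement]


if __name__ == "__main__":
    print("leaky argv indexes:", cli_password_args(LEAKY))
    with tempfile.TemporaryDirectory() as tmp:
        cnf = write_client_option_file(tmp, "modoboa", "S3cret#constructed", "127.0.0.1")
        argv = mysql_argv(cnf, "modoboa", "SELECT 1")
        print("file mode:", oct(stat.S_IMODE(os.stat(cnf).st_mode)))
        print("safe argv indexes:", cli_password_args(argv))
```
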


@tonioo commented on GitHub (Nov 5, 2020):

@tomcrus001 That's actually a good idea! I think the core app would be the best place, since it contains the User model. What do you think?


@tomcrus001 commented on GitHub (Jan 8, 2021):

Just for convenience I'll document some background-information about where the mentioned postlogin.sh gets used and for what purpose:
The dovecot-configuration in /etc/dovecot/conf.d/10-master.conf specifies to call this script after login to imap-/pop3-services - see Dovecot-Documentation (https://wiki.dovecot.org/PostLoginScripting) about this.
The script just updates the timestamp of last user-login and gets executed as modoboa-user


@tomcrus001 commented on GitHub (Jan 8, 2021):

I'll try now to implement this function as management-command as suggested before and make a pull-request as soon as I have implemented it.
After that there still exists the need to also change the modoboa-installer to use this new command instead of postlogin.sh.
And probably there needs to get done some updates on already installed setups as well. Are there any update-scripts that get used for this?


@github-actions[bot] commented on GitHub (Jan 21, 2026):

This issue was closed because it has been stalled for 14 days with no activity.
