On Sun, 2011-09-11 at 19:56 +0300, Dotan Cohen wrote:
On Sun, Sep 11, 2011 at 19:35, Craig White craigwhite@azapple.com wrote:
you'd still have it in bash_history though so it's really a poor idea to ever pass a significant password directly on the command line execution
- whether visible or not visible to ps. Much better is to be prompted
for the password instead...
mysql mysql -u root -p
and it will prompt
another option is to have ~/.my.cnf which already has your password
Craig
Actually, it's not in Bash history because I log in from a remote server like this: $ ssh -t dotan@1.2.3.4 "mysql -u root -pSECRET"
That, in turn, is actually aliased to something else. Therefore the login info does appear in my _local_ alias file, but if that is compromised then there is no reason to assume that ~/.ssh/ isn't also compromised, and vice versa.
Additionally, one could add a space before a command to prevent it from being written to the history, I do this when encrypting files with openssl.
---- not exactly sure what point you are trying to make about being compromised - not all that relevant but you can still just use -p option without the password and get prompted for the password which actually solves your question.
Also, since MySQL is client/server you could probably use the mysql client on your local machine and connect to the server and use encryption but that isn't what you asked.
Also, presuming you are using bash on the originating machine, you would have it in bash_history, just on a different machine. The point I was trying to make is that it is generally a poor idea to put a password into a shell command whether mysql or whatever.
Craig