On Sun, Sep 11, 2011 at 19:35, Craig White craigwhite@azapple.com wrote:
you'd still have it in bash_history though so it's really a poor idea to ever pass a significant password directly on the command line execution
- whether visible or not visible to ps. Much better is to be prompted
for the password instead...
mysql mysql -u root -p
and it will prompt
another option is to have ~/.my.cnf which already has your password
Craig
Actually, it's not in Bash history because I log in from a remote server like this: $ ssh -t dotan@1.2.3.4 "mysql -u root -pSECRET"
That, in turn, is actually aliased to something else. Therefore the login info does appear in my _local_ alias file, but if that is compromised then there is no reason to assume that ~/.ssh/ isn't also compromised, and vice versa.
Additionally, one could add a space before a command to prevent it from being written to the history, I do this when encrypting files with openssl.