On Mon, Sep 12, 2011 at 05:37, Devin Reade gdr@gno.org wrote:
Getting back to the original question, it is a feature of mysql (not of CentOS per se), but there's nothing that stops other (C) programs from doing something similar. Shortly after startup, a programmer can set things up so that command line arguments (or in this case one of them) are hidden from anyone viewing the process table.
However, even using this mechanism there is a window where, if someone looks at the process table at the right time, they will see the password in cleartext.
So, despite the mysql programmers trying to minimize the chance of leaking the password, it is still a risk, and so the advice others have given about -p (without the password) and .my.cnf is still the best option.
Thanks. I did not realize that this window of opportunity exists. Considering the circumstances, I think that it is a fair tradeoff.
Thank you for the information!
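
The mechanism discussed in this thread, as an added example that is not part of either message and is not MySQL's source: a C program copies the password out of argv and overwrites it in place, which on Linux changes what /proc/<pid>/cmdline (and therefore ps) reports. The helper names and the sample option handling are assumptions made for illustration; the password stays visible from process start until the memset runs.

```c
#include <stdio.h>
#include <string.h>

/* If arg is "--password=VALUE" or "-pVALUE", copy VALUE to out and overwrite
 * it in place with 'x'. Returns the number of bytes scrubbed, 0 if arg holds
 * no password, or (size_t)-1 if out is too small (arg is left untouched). */
size_t take_password(char *arg, char *out, size_t outlen)
{
    char *secret = NULL;
    if (strncmp(arg, "--password=", 11) == 0)
        secret = arg + 11;
    else if (strncmp(arg, "-p", 2) == 0)
        secret = arg + 2;
    if (secret == NULL || *secret == '\0')
        return 0;
    size_t n = strlen(secret);
    if (n >= outlen)
        return (size_t)-1;
    memcpy(out, secret, n + 1);
    memset(secret, 'x', n);   /* same length, so the argv layout is unchanged */
    return n;
}

/* Linux only: 1 if /proc/self/cmdline contains needle, 0 if not, -1 on error. */
int cmdline_contains(const char *needle)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/cmdline", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    for (size_t i = 0; i < n; i++)
        if (buf[i] == '\0') buf[i] = ' ';   /* arguments are NUL-separated */
    buf[n] = '\0';
    return strstr(buf, needle) != NULL;
}

int main(int argc, char **argv)
{
    char pw[128];
    for (int i = 1; i < argc; i++) {
        /* The window: until take_password() runs, ps shows the cleartext. */
        size_t n = take_password(argv[i], pw, sizeof pw);
        if (n != 0 && n != (size_t)-1)
            printf("cleartext still in cmdline: %d\n", cmdline_contains(pw));
    }
    return 0;
}
```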