On Sun, Sep 11, 2011 at 19:35, Craig White <craigwhite at azapple.com> wrote: > you'd still have it in bash_history though so it's really a poor idea to > ever pass a significant password directly on the command line execution > - whether visible or not visible to ps. Much better is to be prompted > for the password instead... > > mysql mysql -u root -p > > and it will prompt > > another option is to have ~/.my.cnf which already has your password > > Craig > Actually, it's not in Bash history because I log in from a remote server like this: $ ssh -t dotan at 1.2.3.4 "mysql -u root -pSECRET" That, in turn, is actually aliased to something else. Therefore the login info does appear in my _local_ alias file, but if that is compromised then there is no reason to assume that ~/.ssh/ isn't also compromised, and vice versa. Additionally, one could add a space before a command to prevent it from being written to the history, I do this when encrypting files with openssl. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com