On Sun, 2011-09-11 at 19:56 +0300, Dotan Cohen wrote: > On Sun, Sep 11, 2011 at 19:35, Craig White <craigwhite at azapple.com> wrote: > > you'd still have it in bash_history though so it's really a poor idea to > > ever pass a significant password directly on the command line execution > > - whether visible or not visible to ps. Much better is to be prompted > > for the password instead... > > > > mysql mysql -u root -p > > > > and it will prompt > > > > another option is to have ~/.my.cnf which already has your password > > > > Craig > > > > Actually, it's not in Bash history because I log in from a remote > server like this: > $ ssh -t dotan at 1.2.3.4 "mysql -u root -pSECRET" > > That, in turn, is actually aliased to something else. Therefore the > login info does appear in my _local_ alias file, but if that is > compromised then there is no reason to assume that ~/.ssh/ isn't also > compromised, and vice versa. > > Additionally, one could add a space before a command to prevent it > from being written to the history, I do this when encrypting files > with openssl. ---- not exactly sure what point you are trying to make about being compromised - not all that relevant but you can still just use -p option without the password and get prompted for the password which actually solves your question. Also, since MySQL is client/server you could probably use the mysql client on your local machine and connect to the server and use encryption but that isn't what you asked. Also, presuming you are using bash on the originating machine, you would have it in bash_history, just on a different machine. The point I was trying to make is that it is generally a poor idea to put a password into a shell command whether mysql or whatever. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.