[CentOS] No MySQL password in ps aux!

Mon Sep 12 18:59:57 UTC 2011
Dotan Cohen <dotancohen at gmail.com>

On Mon, Sep 12, 2011 at 05:37, Devin Reade <gdr at gno.org> wrote:
> Getting back to the original question, it is a feature of mysql (not
> of CentOS per se), but there's nothing that stops other (C) programs
> from doing something similar.  Shortly after startup, a programmer can
> set things up so that command line arguments (or in this case one of
> them) is hidden from anyone from viewing the process table.
>
> However, even using this mechanism there is a window where, if someone
> looks at the process table at the right time, they will see the password
> in cleartext.
>
> So, despite the mysql programmers trying to minimize the chance of
> leaking the password it is still a risk and so the advice others have
> given about -p (without the password) and .my.cnf is still the best
> option.
>

Thanks. I did not realize that this window of opportunity exists.
Considering the circumstances, I think that it is a fair tradeoff.

Thank you for the information!

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com