On Mon, Sep 12, 2011 at 05:37, Devin Reade <gdr at gno.org> wrote: > Getting back to the original question, it is a feature of mysql (not > of CentOS per se), but there's nothing that stops other (C) programs > from doing something similar. Shortly after startup, a programmer can > set things up so that command line arguments (or in this case one of > them) is hidden from anyone from viewing the process table. > > However, even using this mechanism there is a window where, if someone > looks at the process table at the right time, they will see the password > in cleartext. > > So, despite the mysql programmers trying to minimize the chance of > leaking the password it is still a risk and so the advice others have > given about -p (without the password) and .my.cnf is still the best > option. > Thanks. I did not realize that this window of opportunity exists. Considering the circumstances, I think that it is a fair tradeoff. Thank you for the information! -- Dotan Cohen http://gibberish.co.il http://what-is-what.com