[CentOS] No MySQL password in ps aux!

Sun Sep 11 16:56:13 UTC 2011
Dotan Cohen <dotancohen at gmail.com>

On Sun, Sep 11, 2011 at 19:35, Craig White <craigwhite at azapple.com> wrote:
> you'd still have it in bash_history though so it's really a poor idea to
> ever pass a significant password directly on the command line execution
> - whether visible or not visible to ps. Much better is to be prompted
> for the password instead...
>
> mysql mysql -u root -p
>
> and it will prompt
>
> another option is to have ~/.my.cnf which already has your password
>
> Craig
>

Actually, it's not in Bash history because I log in from a remote
server like this:
$ ssh -t dotan at 1.2.3.4 "mysql -u root -pSECRET"

That, in turn, is actually aliased to something else. Therefore the
login info does appear in my _local_ alias file, but if that is
compromised then there is no reason to assume that ~/.ssh/ isn't also
compromised, and vice versa.

Additionally, one could add a space before a command to prevent it
from being written to the history, I do this when encrypting files
with openssl.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com