On 2007-04-13 Russell Coker wrote:
> Package: mysql-server
> Version: 5.0.32-7etch1
> Severity: important
>
> There is an obvious need for scripts to securely access mysql. Using a
> command-line parameter for a password is known to be insecure and
> documented as such in mysql(1).
>
> A simple solution to this problem is to offer another command-line
> parameter (maybe -P) that specifies the name of a file which contains a
> password.
>
> So if I want to allow a PHP script to connect to MySQL I would create a
> file that is only readable by the www-data user which contains the password
> and the script could call "mysql -u www-data
> -P /etc/apache2/password-file".

Use a defaults-file for this. Like

  cat $HOME/.my.cnf
  [client]
  user = russel
  pass = cookie

Then mysql, mysqldump and everything else run by Unix user russel will read
and use this.

bye,

-christian-
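
Added example, not part of the original mails or of the mysql package: a shell sketch of the option-file approach from the reply for the script use case in the report, which creates the file readable only by its owner and refuses to use it if the permissions are wider. The function names, the password-on-stdin convention and any paths passed in are assumptions made for illustration; --defaults-extra-file is the client option that reads an additional option file.

```shell
# Added example (assumed helper names; sample values are constructed).

# write_client_cnf FILE USER
# Reads the password from stdin so it never appears in a process listing,
# and creates FILE fresh under umask 077 so it is 0600 from the first byte.
write_client_cnf() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    (
        umask 077
        rm -f -- "$1"      # drop any older copy that may have wider permissions
        printf '[client]\nuser = %s\npassword = %s\n' "$2" "$pw" > "$1"
    )
}

# cnf_is_private FILE
# Succeeds only for a regular, non-symlink file owned by the calling user
# with mode 600 or 400.
cnf_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # GNU stat first, BSD stat as fallback
    info=$(stat -c '%u %a' "$1" 2>/dev/null) ||
        info=$(stat -f '%u %Lp' "$1" 2>/dev/null) || return 1
    uid=$(id -u)
    [ "$info" = "$uid 600" ] || [ "$info" = "$uid 400" ]
}

# run_mysql FILE [mysql arguments...]
# Calls the client only when the option file passes the check above.
# --defaults-extra-file has to be the first option on the command line.
run_mysql() {
    cnf=$1
    shift
    if ! cnf_is_private "$cnf"; then
        echo "refusing to use $cnf: not private to uid $(id -u)" >&2
        return 1
    fi
    mysql --defaults-extra-file="$cnf" "$@"
}
```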

