Hi!

Nuno Pereira wrote:
> Michael Stassen wrote:

[[...]]

>> echo "unlock table " | mysql -udbuser -pdbpassword -Ddbname -hlocalhost -P3306
>>
>> The password is on the command line of the commands issued by the script, so it can be seen with ps.
>
> That isn't true. If you make a ps, you will see something like "mysql -p x xxxxxxxx ................".

This does not work / happen everywhere, AFAIK. In inexact terms:

When a Unix-style system (including Linux) starts a process, the command line arguments are provided by the parent process (typically: the shell) which then calls fork() and exec(). Across the exec(), they are stored in some system area linked to the process table. From there, they are copied to the new program's address space to be accessed as the "char **argv" parameter of main().
The program can modify argv, but it cannot modify the system area.

Now AFAIK there are systems where "ps" will look at the program's address space and see the changed arguments, but also ones where ps will look at the system's address space and see the original arguments (and report them!).

> As I said before, you can use something like:
> "mysql -uUser --password=`cat password_file` db"

This does not change anything, as backticks are evaluated by the shell. When mysql is started in this way, the password is still a plaintext argument.


Jörg

--
Joerg Bruehe, Senior Production Engineer
MySQL AB, www.mysql.com

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
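
The point about backticks, as an added example that is not part of the original thread: the script starts a stand-in process in place of the real mysql client (an assumption, so it runs without a server) and prints the argument list that other local users can read, first for the backtick form and then for an owner-only option file passed with mysql's `--defaults-extra-file`, an alternative the thread does not mention. The password and file names are constructed.

```shell
#!/bin/sh
# Added demo. A stand-in process replaces the real mysql client so this runs
# without a server; the password and file names are constructed.

# Print the argument list of PID $1 as any local user can read it.
visible_args() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"      # Linux
    else
        ps -o args= -p "$1"                   # other Unix-style systems
    fi
}

# Start the stand-in with the given arguments, report what is visible, stop it.
observe() {
    sh -c 'sleep 5; :' mysql-standin "$@" >/dev/null 2>&1 &
    pid=$!
    sleep 1                                   # let the child finish exec()
    visible_args "$pid"
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
umask 077                                     # files below are owner-only

printf '%s\n' 'S3cr3t-constructed' > "$demo_dir/password_file"
printf '[client]\npassword=%s\n' 'S3cr3t-constructed' > "$demo_dir/client.cnf"

# 1. Backticks: the shell substitutes the file contents before exec(),
#    so the child receives the password as an ordinary argument.
exposed=$(observe -uUser --password=`cat "$demo_dir/password_file"` db)

# 2. Option file: only a path reaches argv; the client reads the secret itself.
hidden=$(observe --defaults-extra-file="$demo_dir/client.cnf" -uUser db)

echo "backticks:   $exposed"
echo "option file: $hidden"
```

The one-second pause only gives the child time to exec before its arguments are read; a real client is exposed for as long as it runs.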