Adam Laurie wrote:
>
> Michael Widenius wrote:
> >
> > >>>>> "Adam" == Adam Laurie <adam@stripped> writes:
> >
> > Adam> Can I suggest you create an empty ~/.my.cnf with the correct file
> > Adam> permisions (i.e. same as ~/.mysql_history) so that later setups don't
> > Adam> inadvertantly leak passwords & stuff...
> >
> > The question is when to do this. We can't to this when installing
> > MySQL, as the there is probably going to be many more users than just
> > the one that is doing the install. I also don't think it's a good idea to
> > automaticly create the above file in all our clients.
>
> i would do it at the same time you create the ~/.my.history file - i.e.
> the first time you run a client.
>
> > One solution would be te check the permission of the ~/.my.cnf file
> > each time you start the mysql client and if it's readable for all give
> > a warning for this. Do you think this would be good enough for you?
>
> no, because the user may not understand/care about the issue. we have to
> protect against lazy/dumb users. a warning would be good as well, so if
> they accidentally change it's permissions they get to notice.
Not only should the client give a warning,
it could remove the extra permission(s) as well.
That way, users who care about warnings will find out what happened,
and users who don't care will have it done nonetheless, automagically.
Jan Dvorak
