• Developer Zone
• Lists Home
• FAQ

Ehrwin Mina wrote:

> Jeff,
> 
> You can make a shell script or a php script or a perl script by that way 
> you can hide the commands you need to execute.
> 
> eg.
> 
> Make a shell script (myshell.sh)
> 
> #!/bin/sh
> 
> myuser=dbuser
> mypasswd=dbpassword
> mydb=dbname
> myhost=localhost
> myport=3306
> 
> db1=mysql -u$myuser -pmypasswd -Dmydb -h$myhost -P$myport
> 
> echo "repair table employee" | $db1
> echo "unlock table " | $db1
> 
> exit

This is no more secure, as it still puts the password on the command line. 
Your script amounts to

echo "repair table employee" | mysql -udbuser -pdbpassword -Ddbname 
-hlocalhost -P3306

echo "unlock table " | mysql -udbuser -pdbpassword -Ddbname -hlocalhost -P3306

The password is on the command line of the commands issued by the script, so 
it can be seen with ps.

The solution is to put the password in an option file (usually .my.cnf) 
instead.  The client, mysql, will read the password from the option file, 
without making it available to ps.

Michael