Michael Stassen wrote:
> Ehrwin Mina wrote:
>> You can make a shell script or a php script or a perl script by that
>> way you can hide the commands you need to execute.
>> Make a shell script (myshell.sh)
>> db1=mysql -u$myuser -pmypasswd -Dmydb -h$myhost -P$myport
>> echo "repair table employee" | $db1
>> echo "unlock table " | $db1
> This is no more secure, as it still puts the password on the command
> line. Your script amounts to
> echo "repair table employee" | mysql -udbuser -pdbpassword -Ddbname
> -hlocalhost -P3306
> echo "unlock table " | mysql -udbuser -pdbpassword -Ddbname -hlocalhost
> The password is on the command line of the commands issued by the
> script, so it can be seen with ps.
That isn't true. If you make a ps, you will see something like "mysql -p
x xxxxxxxx ................".
As I said before, you can use something like:
"mysql -uUser --password=`cat password_file` db"
But ensure that the password_file has access restrictions like
-r--------, so that only the owner can read it.
> The solution is to put the password in an option file (usually .my.cnf)
> instead. The client, mysql, will read the password from the option
> file, without making it available to ps.