List:General Discussion« Previous MessageNext Message »
From:Nuno Pereira Date:July 29 2005 1:49pm
Subject:Re: mysql command line execution
View as plain text  
Michael Stassen wrote:
> Ehrwin Mina wrote:
> 
>> Jeff,
>>
>> You can make a shell script or a php script or a perl script by that 
>> way you can hide the commands you need to execute.
>>
>> eg.
>>
>> Make a shell script (myshell.sh)
>>
>> #!/bin/sh
>>
>> myuser=dbuser
>> mypasswd=dbpassword
>> mydb=dbname
>> myhost=localhost
>> myport=3306
>>
>> db1=mysql -u$myuser -pmypasswd -Dmydb -h$myhost -P$myport
>>
>> echo "repair table employee" | $db1
>> echo "unlock table " | $db1
>>
>> exit
> 
> 
> This is no more secure, as it still puts the password on the command 
> line. Your script amounts to
> 
> echo "repair table employee" | mysql -udbuser -pdbpassword -Ddbname 
> -hlocalhost -P3306
> 
> echo "unlock table " | mysql -udbuser -pdbpassword -Ddbname -hlocalhost 
> -P3306
> 
> The password is on the command line of the commands issued by the 
> script, so it can be seen with ps.

That isn't true. If you make a ps, you will see something like "mysql -p 
x xxxxxxxx ................".

As I said before, you can use something like:
"mysql -uUser --password=`cat password_file` db"

See http://lists.mysql.com/mysql/186720.

But ensure that the password_file has access restrictions like 
-r--------, so that only the owner can read it.



> 
> The solution is to put the password in an option file (usually .my.cnf) 
> instead.  The client, mysql, will read the password from the option 
> file, without making it available to ps.
> 
> Michael
> 

-- 
Nuno Pereira
Thread
mysql command line executionJeff Richards29 Jul
  • Re: mysql command line executionBruce Dembecki29 Jul
  • Re: mysql command line executionMichael Stassen29 Jul
  • Re: mysql command line executionEhrwin Mina29 Jul
    • Re: mysql command line executionMichael Stassen29 Jul
      • Re: mysql command line executionNuno Pereira29 Jul
        • Re: mysql command line executionMichael Stassen29 Jul
          • Re: mysql command line executionNuno Pereira29 Jul
            • Re: mysql command line executionJason Pyeron29 Jul
              • Re: mysql command line executionNuno Pereira1 Aug
        • Re: mysql command line executionJoerg Bruehe29 Jul
        • Re: mysql command line executionEhrwin Mina1 Aug
          • Re: mysql command line executionEugene Kosov1 Aug
            • RE: mysql command line executionEdwin Cruz1 Aug
              • Re: mysql command line executionNuno Pereira1 Aug
Re: mysql command line executionNuno Pereira2 Aug
Re: mysql command line executionNuno Pereira3 Aug