Michael Stassen wrote:
> Ehrwin Mina wrote:
>
>> Jeff,
>>
>> You can make a shell script or a php script or a perl script by that
>> way you can hide the commands you need to execute.
>>
>> eg.
>>
>> Make a shell script (myshell.sh)
>>
>> #!/bin/sh
>>
>> myuser=dbuser
>> mypasswd=dbpassword
>> mydb=dbname
>> myhost=localhost
>> myport=3306
>>
>> db1=mysql -u$myuser -pmypasswd -Dmydb -h$myhost -P$myport
>>
>> echo "repair table employee" | $db1
>> echo "unlock table " | $db1
>>
>> exit
>
>
> This is no more secure, as it still puts the password on the command
> line. Your script amounts to
>
> echo "repair table employee" | mysql -udbuser -pdbpassword -Ddbname
> -hlocalhost -P3306
>
> echo "unlock table " | mysql -udbuser -pdbpassword -Ddbname -hlocalhost
> -P3306
>
> The password is on the command line of the commands issued by the
> script, so it can be seen with ps.
That isn't true. If you make a ps, you will see something like "mysql -p
x xxxxxxxx ................".
As I said before, you can use something like:
"mysql -uUser --password=`cat password_file` db"
See http://lists.mysql.com/mysql/186720.
But ensure that the password_file has access restrictions like
-r--------, so that only the owner can read it.
>
> The solution is to put the password in an option file (usually .my.cnf)
> instead. The client, mysql, will read the password from the option
> file, without making it available to ps.
>
> Michael
>
--
Nuno Pereira
