List: General Discussion
From: Ehrwin Mina
Date: August 1 2005 3:46am
Subject: Re: mysql command line execution

At 09:49 PM 7/29/2005, Nuno Pereira wrote:
>Michael Stassen wrote:
>>Ehrwin Mina wrote:
>>
>>>Jeff,
>>>
>>>You can make a shell script or a php script or a perl script by that way 
>>>you can hide the commands you need to execute.
>>>
>>>eg.
>>>
>>>Make a shell script (myshell.sh)
>>>
>>>#!/bin/sh
>>>
>>>myuser=dbuser
>>>mypasswd=dbpassword
>>>mydb=dbname
>>>myhost=localhost
>>>myport=3306
>>>
>>>db1="mysql -u$myuser -p$mypasswd -D$mydb -h$myhost -P$myport"
>>>
>>>echo "repair table employee" | $db1
>>>echo "unlock table " | $db1
>>>
>>>exit
>>
>>This is no more secure, as it still puts the password on the command 
>>line. Your script amounts to
>>echo "repair table employee" | mysql -udbuser -pdbpassword -Ddbname -hlocalhost -P3306
>>echo "unlock table " | mysql -udbuser -pdbpassword -Ddbname -hlocalhost -P3306
>>The password is on the command line of the commands issued by the script, 
>>so it can be seen with ps.
>
>That isn't true. If you make a ps, you will see something like "mysql -p x 
>xxxxxxxx ................".
>
>As I said before, you can use something like:
>"mysql -uUser --password=`cat password_file` db"
>
>See http://lists.mysql.com/mysql/186720.
>
>But ensure that the password_file has access restrictions like -r--------, 
>so that only the owner can read it.
>
>
>
>>The solution is to put the password in an option file (usually .my.cnf) 
>>instead.  The client, mysql, will read the password from the option file, 
>>without making it available to ps.
>>Michael
>
>--
>Nuno Pereira
>


FYI,

Nuno is correct: you cannot see the password in the 'ps'. My script is 
just an example; you can modify it for more security, like putting it in a 
config file, or, much better, use Perl if you can. Don't forget the user 
privileges only.

Thanks,


Ehrwin C. Mina

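The option-file approach Michael suggests in the thread, written out as an added example that is not part of the original messages. The function names, the file path argument and the sample values are assumptions; --defaults-extra-file is the mysql client option that reads an additional option file, and the password is assumed to contain no double quote or backslash.

```shell
#!/bin/sh
# Added example: keep the MySQL password out of the process argument list
# by storing it in an owner-only option file instead of passing -p<password>.

# write_option_file FILE USER PASSWORD
# Creates FILE with a [client] section, readable and writable by the owner only.
write_option_file() {
    (
        umask 077            # new files get mode 0600
        rm -f "$1"           # a pre-existing file would keep its old mode
        printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1"
    )
}

# option_file_is_private FILE
# Succeeds only if FILE exists and group/other have no permission bits set.
option_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ln "$1" | cut -c5-10)   # the six group/other permission characters
    [ "$perms" = "------" ]
}

# build_mysql_command FILE DB HOST PORT
# Dry run: prints the command line that run_sql executes, i.e. what ps would show.
build_mysql_command() {
    option_file_is_private "$1" || {
        echo "refusing to use $1: readable by group or other" >&2
        return 1
    }
    # --defaults-extra-file has to be the first option given to the client.
    printf 'mysql --defaults-extra-file=%s -D%s -h%s -P%s' "$1" "$2" "$3" "$4"
}

# run_sql FILE DB HOST PORT
# Reads SQL from stdin, like the echo "..." | mysql lines quoted in the thread.
run_sql() {
    option_file_is_private "$1" || return 1
    mysql --defaults-extra-file="$1" -D"$2" -h"$3" -P"$4"
}

# Usage (values taken from the script quoted above):
#   write_option_file "$HOME/.my-repair.cnf" dbuser dbpassword
#   echo "repair table employee" | run_sql "$HOME/.my-repair.cnf" dbname localhost 3306
```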

