List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:June 22 2001 8:17pm
Subject:Re: ~/.mysql_history
View as plain text  
At 10:00 PM -0800 2/10/01, Thomas DeMartini wrote:
>I've been looking for a way to disable logging to mysql_history on a 
>global basis.  Does anyone know of a way to do this?  If so, please 
>e-mail me at this address (I don't check the list).  If not, can 
>someone tell me how to submit a feature request?
>
>My current work-around is to create the file ~/.mysql_history with 
>no permissions so that MySQL can't write it if it wanted to. 
>Fortunately MySQL doesn't complain about that and lets me go.

You could also make it a link to /dev/null.

>
>I'm looking for something like a command line option:
>   mysql --history=no
>and/or the related functionality in the /etc/my.cnf file.
>
>The problem I have is that a lot of my users type passwords into 
>their MySQL queries to insert them into the tables and then other 
>users without MySQL access come along and look at the first user's 
>.mysql_history file (which is created 644 by default) to look at the 
>passwords.  Then they go to the web

Perhaps each user's home directory should be set to 700 to keep out other
users.  Is that a possibility?

Another possibility: set each user's umask to 022.  Then the .mysql_history
file will be created mode 600, not 644.

>site that the first user setup and pretend to be the other people 
>who's passwords were in the history file.  I'd like to be able to 
>setup my site so that by default it doesn't write a history file 
>unless the user specifies mysql --history=yes or the equivalent.
>
>Thanks,
>Thomas.
>Please send replies to tdemarti@stripped, I don't check the list.


-- 
Paul DuBois, paul@stripped
Thread
~/.mysql_historyThomas DeMartini11 Feb
  • Re: ~/.mysql_historyPaul DuBois22 Jun