MySQL Client Security on the Command Line

by damonp on June 23, 2006

in Security

The MySQL client allows specifying the database password on the command line using the following parameters:

mysql -utheusername -pthepassword thedatabasename

If you are in the habit of doing this… STOP NOW!

If you are using a shell like Bash, the password is saved in the bash_history file. Should anyone break into the server, they can easily get your MySQL password by viewing the history file.

Altering the command line to:

mysql -utheusername -p thedatabasename

causes MySQL to ask for the password, so that it cannot be stored in the history.

Proper security is layered. Just because one account password is hacked doesn’t mean you should give away the keys to MySQL too!
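To check whether the habit described above has already left passwords behind, the following added example (not part of the original post) scans a history file for MySQL client commands that carry the password inline and prints them with the password redacted. The function names and the sample history lines are constructed for illustration; point the function at your own bash_history file to audit it.

```shell
#!/bin/sh
# Added example: audit a history file for MySQL passwords typed inline.

# Print "<line>: <command up to the option> <redacted option>" for every
# history line where mysql, mysqldump or mysqladmin was given -pSECRET or
# --password=SECRET. A bare -p (prompt form) is not reported.
# Exit status: 0 if anything was found, 1 if the file is clean.
find_inline_mysql_passwords() {
    awk '
    {
        seen = 0; out = ""
        for (i = 1; i <= NF; i++) {
            # A MySQL client program, with or without a leading path.
            if ($i ~ /^(.*\/)?(mysql|mysqldump|mysqladmin)$/) { seen = 1 }
            if (seen && $i ~ /^-p./) { tag = "-p[REDACTED]" }
            else if (seen && $i ~ /^--password=./) { tag = "--password=[REDACTED]" }
            else { out = out $i " "; continue }
            # Stop at the password so no part of it is echoed back.
            print NR ": " out tag
            found = 1
            break
        }
    }
    END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample history (not real data); the first two lines are the
# commands from the post.
write_sample_history() {
    cat > "$1" <<'EOF'
mysql -utheusername -pthepassword thedatabasename
mysql -utheusername -p thedatabasename
mysqldump --user=backup --password=example-only shop > shop.sql
mysql -h db.example.internal -P3306 -u app -p appdb
ls -l
EOF
}

sample=$(mktemp)
write_sample_history "$sample"
find_inline_mysql_passwords "$sample" || echo "no inline passwords found"
rm -f "$sample"
```

Any line it reports means that password should be changed and the entry removed from the history file.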


Damon Parker is a freelance sysadmin and web developer in Texas. He specializes in server setup, server security and high performance server configurations.


barnaby jones March 24, 2008 at 7:27 pm

good point.

likewise, mysql client logs all commands to $HOME/.mysql_history by default (at least on debian), which exposes all passwords that you set on the mysql shell to all who can read this file.

cheerio!
