6/23/2006

MySQL Client Security on the Command Line

The MySQL client allows specifying the database password on the command line using the following parameters:

mysql -utheusername -pthepassword thedatabasename

If you are in the habit of doing this… STOP NOW!

If you are using a shell like Bash, the whole command line, password included, is saved in the .bash_history file. Should anyone break into the server, they can easily get your MySQL password by viewing the history file.

Altering the command line to:

mysql -utheusername -p thedatabasename

causes MySQL to prompt for the password, so that it cannot be stored in the history.

Proper security is layered. Just because one account password is hacked doesn’t mean you should give away the keys to MySQL too!

One Response to “MySQL Client Security on the Command Line”

  1. barnaby jones said:

    good point.

    likewise, mysql client logs all commands to $HOME/.mysql_history by default (at least on debian), which exposes all passwords that you set on the mysql shell to all who can read this file.

    cheerio!
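
As an added example (not part of the original post or of the comment above), the shell function below audits the two files this page mentions, the shell history and `$HOME/.mysql_history`, for MySQL passwords left in clear text. The function name, the patterns and the default paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report MySQL passwords left in clear text in history files.
# Prints "file:line:text" for each hit, with every secret replaced by ***.

# Client run with -pSECRET or --password=SECRET. The prompting form, a bare
# "-p", is not reported because a non-space character must follow it.
CLI_RE='(^|[^[:alnum:]_-])mysql(dump|admin)?[[:space:]](.*[[:space:]])?(-p|--password=)[^[:space:]]'
# SQL typed at the mysql prompt that carries a quoted password literal.
SQL_RE="(identified[[:space:]]+by|password[[:space:]]*[(=])[^'\"]*['\"]"

audit_history() {   # usage: audit_history shell|sql FILE
    kind=$1 file=$2
    [ -r "$file" ] || return 0          # nothing to audit
    case $kind in
        shell)
            grep -nE "$CLI_RE" "$file" |
                sed -E "s/([[:space:]])(-p|--password=)('[^']*'|\"[^\"]*\"|[^[:space:]]+)/\\1\\2***/g" ;;
        sql)
            # libedit builds of the client store spaces as \040; decode first.
            # Every quoted literal is masked, account names included.
            sed 's/\\040/ /g' "$file" | grep -niE "$SQL_RE" |
                sed -E "s/'[^']*'/'***'/g; s/\"[^\"]*\"/\"***\"/g" ;;
    esac | while IFS= read -r hit; do printf '%s:%s\n' "$file" "$hit"; done
}

# Default locations (assumed); MYSQL_HISTFILE is the client's override variable.
audit_history shell "${HISTFILE:-$HOME/.bash_history}"
audit_history sql "${MYSQL_HISTFILE:-$HOME/.mysql_history}"
```

Any hit means the password has already been written to disk: change it, then remove the line from the history file.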

copyright © 2002-2009 damonparker.org. all rights reserved.
