Password passed on the command line is shown in process list / bash history
Bug #1028829 reported by
Piotr Kilczuk
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MySQL Data Dumper |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Originally reported as: https:/
I'm just pasting as this issue stops me from using this promising project.
Hi,
I'm new to mydumper and think it's a great tool, but what worries me is that the password for the account used to create the export is shown in the process list.
I can live with the fact that I have to provide the password at the command-line, but showing the password in the processlist is a big security risk as all users on a normal Linux machine can see all processes... and thus see a username/password combination which they can use to login at MySQL...
Is there any way to secure this in mydumper?
Michel
Changed in mydumper: | |
status: | New → Confirmed |
To post a comment you must log in.
It should be able to read your ~/.my.cnf ([client] and [mydumper] groups probably, I'm not sure if I actually implemented :)