Reputation: 2290
Security of passwords in bash subcommands
I've heard that directly inputting your password on the command line is a bad idea, because anyone could see the "secret" in
mysql -u root -psecret
by browsing history.
I have a password for my MySQL database stored in a text file with limited read permissions, and was wondering if it is safe to access it in the following way:
mysql -u root -p$(cat ~/.mysql_pass)
Browsing history, I see the command printed, not the literal value. So it seems like it's working the way I want it to.
I'm sure there are better ways of handling passwords, I would just like to know whether or not this one is leaving my password completely out in the open.
Upvotes: 0
Views: 180
Answers (2)
Reputation: 15746
You've suggested using the following:
mysql -u root -p$(cat ~/.mysql_pass)
However, the subcommand will be expanded before mysql is executed and so even if this isn't available in the command history, it's entirely possible for someone to view the process list just after invocation and see your password.
I think a better approach is to use a mysql client options file and have the mysql command read the password from the options file.
Upvotes: 2
Reputation: 1322
Just type mysql -u root -p and you'll get a prompt to enter your password and it won't be stored in the history.
Upvotes: 0
Related Questions
- Bash Script Mysql Warning: Using a password on the command line interface can be insecure
- The use of brackets in MySQL password
- How to set mysql password automatically in bash script?
- MySQL Set Password Via Command-Line Variable
- Save mysql password in a bash script and use it instead of cmd line
- Protect the password when using Mysql in an unattended bash-script
- Mysql password warning in bash script
- bash shell script prompting for database password
- Store MySQL password in bash-script
- MySQL password input in bash script