Thursday, October 08, 2015

Solution for mysql Warning: Using a password on the command line interface can be insecure

Mysql or mysqldump "Warning: Using a password on the command line interface can be insecure" should not be IMO in the stderr. The stderr is for errors and not for warnings. The correct way to handle these situations in the shell should be using a different handler (should I propose stdwarn or stdwarning?) which of course we do not currently have available.

As I have stated in Stackoverflow, the recommended way to solve this issue penalizes the ones that do the right thing to protect the ones that do the wrong thing. If the password is stored inside a script file it will not show up with ps or in any log. Putting the credentials in an external file does help the ones that would cron a command using the plain text password instead of variables which, but why helping those when they are doing the incorrect thing? In the meantime scripts that have been running for years now fail and we need to modify them just because this warning comes up in the stderr.

Since we are stuck with using the external credentials file here is a quick hack to please mysql commands. Basically we create the file on the fly:

No comments: