As I have stated in Stackoverflow, the recommended way to solve this issue penalizes the ones that do the right thing to protect the ones that do the wrong thing. If the password is stored inside a script file it will not show up with ps or in any log. Putting the credentials in an external file does help the ones that would cron a command using the plain text password instead of variables which, but why helping those when they are doing the incorrect thing? In the meantime scripts that have been running for years now fail and we need to modify them just because this warning comes up in the stderr.
Since we are stuck with using the external credentials file here is a quick hack to please mysql commands. Basically we create the file on the fly:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Let us consider the following typical mysql backup script: | |
| mysqldump --routines --no-data -h $mysqlHost -P $mysqlPort -u $mysqlUser -p$mysqlPassword $database | |
| # It succeeds but stderr will get: | |
| # Warning: Using a password on the command line interface can be insecure. | |
| # You can fix this with the below hack: | |
| credentialsFile=/mysql-credentials.cnf | |
| echo "[client]" > $credentialsFile | |
| echo "user=$mysqlUser" >> $credentialsFile | |
| echo "password=$mysqlPassword" >> $credentialsFile | |
| echo "host=$mysqlHost" >> $credentialsFile | |
| mysqldump --defaults-extra-file=$credentialsFile --routines --no-data $database | |
| # This should not be IMO an error. It is just a 'considered best practice' | |
| # Read more from http://thinkinginsoftware.blogspot.com/2015/10/solution-for-mysql-warning-using.html |
No comments:
Post a Comment