On Mon, Sep 12, 2011 at 05:37, Devin Reade <gdr@xxxxxxx> wrote:
> Getting back to the original question, it is a feature of mysql (not
> of CentOS per se), but there's nothing that stops other (C) programs
> from doing something similar. Shortly after startup, a programmer can
> set things up so that command line arguments (or in this case one of
> them) is hidden from anyone from viewing the process table.
>
> However, even using this mechanism there is a window where, if someone
> looks at the process table at the right time, they will see the password
> in cleartext.
>
> So, despite the mysql programmers trying to minimize the chance of
> leaking the password it is still a risk and so the advice others have
> given about -p (without the password) and .my.cnf is still the best
> option.
>
Thanks. I did not realize that this window of opportunity exists.
Considering the circumstances, I think that it is a fair tradeoff.
Thank you for the information!
--
Dotan Cohen
http://gibberish.co.il
http://what-is-what.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
