Bug #13058 Mysqldump security problem
Submitted: 8 Sep 2005 9:22 Modified: 8 Sep 2005 13:14
Reporter: Ralf Baechle Email Updates:
Status: Not a Bug Impact on me: None
Category:MySQL Server Severity:S3 (Non-critical)
Version:Any OS:UNIX/Linux
Assigned to: CPU Architecture:Any

[8 Sep 2005 9:22] Ralf Baechle
Description:
Unfortunately mysqldump(8) only accepts passwords either from a terminal or on the command line.  The first is not usable for scripting for obvious reasons, the second is a big security hole as the password will be visible in the process table to any user.

I classify this one as serious as it makes mysqldump and thus possibly mysql unsuitable for running on systems with untrusted users.

How to repeat:
(Bloody webform wants me to fill this section ...)

Suggested fix:
 o Allow reading of a password from stdin (cat /etc/mysql/mydbpasswd | mysqldump ...)
 o Allow reading of a password from a file like mysqldump --passwd-file /etc/mysqpasswd
 o Allow reading of password from an additional file descriptor named on the command line
    like: cat /etc/mysq/mydbpasswd >3 mysqldump --read-passwd-from-fd=3.  Overkill but
    neato with some scripting languages and gets away without temporary files.  Definitely
    only a solution in addition to one of the above two, if at all.
 o Environment variables are not a solution, they're globally visible in a UNIX system just
    like command lines of all processes.
[8 Sep 2005 13:14] Hartmut Holzgraefe
you can put the password in an extra options file like this

  [mysqldump]
  password=...

and read it in using the --defaults-extra-file option

see also

http://dev.mysql.com/doc/mysql/en/option-files.html
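The option-file approach from the reply, worked through as an added shell example (not part of the bug report or of MySQL's own code): the password lives in a mode-0600 file written under umask 077, and only the file path reaches the mysqldump command line, so the process table never shows the secret. The user name, database name and sample password are placeholders.

```shell
#!/bin/sh
# Added example: keep the mysqldump password out of the process table by
# placing it in a private option file and passing --defaults-extra-file.
# "dbuser", "mydb" and the sample password are constructed placeholders.

# write_mysql_opts FILE USER PASSWORD
# Creates FILE readable only by the caller, holding a [mysqldump] section.
write_mysql_opts() {
    file=$1; user=$2; pass=$3
    old_umask=$(umask)
    umask 077                      # file is created 0600, never group/world readable
    printf '[mysqldump]\nuser=%s\npassword=%s\n' "$user" "$pass" > "$file"
    umask "$old_umask"
}

# build_dump_cmd FILE DATABASE
# Prints the mysqldump command line.  --defaults-extra-file must be the first
# option or the client ignores it.  The password is absent from this string,
# so ps(1) shows only the option-file path.
build_dump_cmd() {
    printf 'mysqldump --defaults-extra-file=%s %s' "$1" "$2"
}

# perm_string FILE: prints the ls(1) mode field, e.g. "-rw-------"
perm_string() {
    ls -ld "$1" | cut -c1-10
}

main() {
    f=$(mktemp) || exit 1
    write_mysql_opts "$f" dbuser 'hunter2-example'   # constructed sample secret
    echo "option file mode: $(perm_string "$f")"
    cmd=$(build_dump_cmd "$f" mydb)
    echo "command line visible in ps: $cmd"
    # Run the dump only where mysqldump is installed; output goes to mydb.sql.
    if command -v mysqldump >/dev/null 2>&1; then
        $cmd > mydb.sql
    fi
    rm -f "$f"                                       # do not leave the secret behind
}

if [ "${1:-}" = "--demo" ]; then
    main
fi
```

Run with `sh script.sh --demo` to see the mode and the argument list; the same [mysqldump] section can also live in ~/.my.cnf with the same 0600 permissions.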