Bug #1423 plaintext password in OS
Submitted: 28 Sep 2003 19:12 Modified: 29 Sep 2003 4:11
Reporter: [ name withheld ] Email Updates:
Status: Not a Bug Impact on me:
Category:MySQL Server: Command-line Clients Severity:S2 (Serious)
Version: OS:
Assigned to: CPU Architecture:Any

[28 Sep 2003 19:12] [ name withheld ]
Come on guys - READ the user comments, and FIX your manual!

I had no idea that your product was stupid enough to write out all my new passwords in PLAIN TEXT into my ~/.mysql_history file.

You should make it REALLY CLEAR - IN THE MANUAL - that we need to delete this (or better fix your bug so your product outputs *** instead of passwords into the ~/.mysql_history file)

How to repeat:
shell> mysql -u root mysql
mysql> UPDATE user SET Password=PASSWORD('new_password')
    ->             WHERE user='root';
mysql> ^D

cat .mysql_history

Suggested fix:
Output "********" rather than password text into .mysql_history
[28 Sep 2003 19:30] Paul DuBois
.mysql_history is created with permissions that allow
it to be read only by you (mode 600). It is not
readable by other users unless you change it.

This situation is similar to storing passwords in .my.cnf,
which also should not be set to be readable by other users.
[29 Sep 2003 4:11] Alexander Keremidarski
I would add that this is similar to storing passwords in .bash_history as well as with any *_history file.

If you login as mysql -pyour_secure_passwd bash will write it as is in .bash_history which has same 600 permissions.

As Paul already commented it is up to user to keep all his files secure.

And you must notice that password is not the only sensitive information stored in .mysql_history. Every data stored in your databases can appear in .mysql_history due to some INSERT, UPDATE and even SELECT ... WHERE ...

What is the difference for example between:

1. SET PASSWORD FOR root@localhosy=PASSWORD('new_password');


2. UPDATE my_bank_acct SET money = 2000000 WHERE acct_no = 12345678;

I would not want to reveal my acct_no and money there maybe even more than root@loclahost password.

If you want to hide values in 1. you will also want to hide them in 2. but then you should raise quesiton why history files exist at all...

MySQL itself does not increase security risk.