Bug #25143 | mysql.exe client: shows password in command prompt window title | ||
---|---|---|---|
Submitted: | 18 Dec 2006 14:37 | Modified: | 19 Dec 2006 21:27 |
Reporter: | luca nanetti | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Command-line Clients | Severity: | S4 (Feature request) |
Version: | 5.0.27-community-nt | OS: | Windows (win xp) |
Assigned to: | CPU Architecture: | Any | |
Tags: | clear text, password |
[18 Dec 2006 14:37]
luca nanetti
[19 Dec 2006 21:27]
Valeriy Kravchuk
Thank you for a problem report. Yes, everything works just as you describe. And it may be even possible to what you suggest easily (so I mark this as a reasonable feature request). But: 1. Once again, this is a default behaviour of cmd.exe 2. Other command line clients (Oracle's sqlplus, for example) works the same way 3. Your password will be visible in cmd.exe window for some time, and will appear in commands history, if you put it in plain text as one of the command's parameter and not close the window later 4. Tricks like this add almost nothing to security, if people does not care to NOT include password into the command line.