Bug #3545 mysqlhotcopy should have a --passwordfile option
Submitted: 22 Apr 2004 14:25 Modified: 30 Nov 2009 14:31
Reporter: Tobias Burnus Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S4 (Feature request)
Version:3.23.49, 5.1.x OS:Linux (Linux)
Assigned to: CPU Architecture:Any

[22 Apr 2004 14:25] Tobias Burnus 
Description:
/usr/bin/mysqlhotcopy currently has no commandline option to pass the password as password file. (Passing the password directly is considered insecure.)

Below one can fine a working but not necessarily beautiful patch.

How to repeat:
http://dev.mysql.com/doc/mysql/en/mysqlhotcopy.html
and look for a method to pass the password not as commandline but e.g. as file

Suggested fix:
--- /usr/bin/mysqlhotcopy       Fri Sep 12 01:10:54 2003
+++ zedv-mysqlhotcopy   Sun Dec 22 23:52:01 2002
@@ -50,6 +50,7 @@
   -?, --help           display this helpscreen and exit
   -u, --user=#         user for database login if not current user
   -p, --password=#     password to use when connecting to server
+  --passwordfile=#     file which contains the password
   -P, --port=#         port to use when connecting to local server
   -S, --socket=#       socket to use when connecting to local server

@@ -91,6 +92,7 @@
     "help",
     "user|u=s",
     "password|p=s",
+    "passwordfile=s",
     "port|P=s",
     "socket|S=s",
     "allowold!",
@@ -111,6 +113,13 @@
     "dryrun|n",
 ) or usage("Invalid option");

+if($opt{'passwordfile'}) {
+ open(PF, "<".$opt{'passwordfile'}) || die "Passwordfile: $!";
+ $opt{'password'} = (<PF>)[0];
+ chomp($opt{'password'});
+ close(PF);
+}
+
 # @db_desc
 # ==========
 # a list of hash-refs containing:
[22 Apr 2004 15:46] Paul DuBois 
If you want to put the password in a file, you can just
use the standard technique of putting it in an option
file.  mysqlhotcopy reads the [client] and [mysqlhotcopy]
groups, so you can use either of those.
[23 Apr 2004 1:32] Tobias Burnus 
> If you want to put the password in a file, you can just
> use the standard technique of putting it in an option
> file.  mysqlhotcopy reads the [client] and [mysqlhotcopy]
> groups, so you can use either of those.

Well, for sure I don't want to put it into /etc/my.cnf since those settings should apply for all and the file is therefore world readable. (Somehow my mysqlhotcopy crashes if my.cnf is world-readable, though).
Neither do I want to put the config into $SOMEUSER/.my.cnf. Thus instead of giving a passwordfile an option to give a configfile would be also fine with me.
[25 Apr 2004 22:45] Sergei Golubchik 
I'm not sure I understand why ~/.my.cnf wouldn't work for you.

Anyway, the compatible way to do what you want is to use --defaults-extra-file command-line option that any mysql client is expected to support. mysqlhotcopy doesn't though - we'll consider adding this option to it.
[30 Nov 2009 14:31] Valeriy Kravchuk 
--default-extra-file option is still NOT supported by mysqlhotcopy command line utility:

77-52-12-228:5.1 openxs$ bin/mysqlhotcopy --defaults-extra-file=~/.my.cnf
Unknown option: defaults-extra-file
Invalid option
bin/mysqlhotcopy Ver 1.23
...