Bug #72923 mysqldump should work reliably as a non-interactive program
Submitted: 9 Jun 2014 22:08
Modified: 11 Jun 2014 12:02
Reporter: Morgan Tocker
Status: Verified
Category: MySQL Server: mysqldump Command-line Client
Severity: S3 (Non-critical)
Version: 5.6, 5.7
OS: Any
Assigned to:
CPU Architecture: Any

[9 Jun 2014 22:08] Morgan Tocker
Similar to bug #66546, Drupal has had to build a specific workaround for mysqldump in MySQL 5.6.  See: https://drupal.org/node/2281011

--- > Warning: Using a password on the command line interface can be insecure.

This is difficult to suggest a workaround to, because:
- mysql_config_editor is interactive.  Thus it can't be easily used.
- Parsing a --defaults-file argument (and generating a temp file) may work, but it also removes the ability to use another --defaults-file file (although this is the leading suggestion I have.)
- Parsing a --defaults-extra-file doesn't work (since options specified in a defaults-file are not overwritten).

In general, using CLI arguments is quite useful here, since they allow consistent overriding of local behavior.

How to repeat:
Step 1. Download and install drupal.
Step 2. Apply patch described at https://drupal.org/node/2281011

Suggested fix:
Maybe the easiest solution is to print the existing warning as an SQL comment?

I am not sure environment variables are visible in the processlist.  Maybe mysql_config_editor can be extended to support reading the input password from the environment?

[9 Jun 2014 22:43] Morgan Tocker
Ignore third bullet point in description.  Related to a mistake I made debugging w/mysql-sandbox.  See:  BUG #72924

[11 Jun 2014 12:02] MySQL Verification Team
Hello Morgan,

Thank you for the feature request, suggestion!

[11 Jun 2014 12:03] MySQL Verification Team
// Password passed on command line should generate warning

 bin/mysql -u root -p123
Warning: Using a password on the command line interface can be insecure.
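
The temporary option file workaround from the description (its second bullet), as an added example that is not code from this bug report, from MySQL or from Drupal. The function names and the temp-file prefix are assumptions, passwords containing a double quote or newline are rejected rather than escaped, and the limitation noted in the description remains: the --defaults-file slot is taken.

```shell
#!/bin/sh
# Added example: keep the password out of argv by writing it to a private,
# short-lived option file and pointing mysqldump at it.

# write_client_cnf PASSWORD -> prints the path of an owner-only option file
write_client_cnf() {
    pass=$1
    # Refuse values this sketch cannot quote safely in an option file.
    case $pass in
        *'"'*|*'
'*) echo "unsupported character in password" >&2; return 1 ;;
    esac
    old_umask=$(umask)
    umask 077    # owner-only, even if mktemp's default mode differs
    cnf=$(mktemp "${TMPDIR:-/tmp}/dump-cnf.XXXXXX") || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    # Backslash is an escape character in option files, so double it.
    esc=$(printf '%s' "$pass" | sed 's/\\/\\\\/g')
    # Double quotes keep '#' and surrounding spaces part of the value.
    printf '[client]\npassword="%s"\n' "$esc" > "$cnf"
    printf '%s\n' "$cnf"
}

# dump_database USER PASSWORD DATABASE -> SQL on stdout, warnings on stderr
dump_database() {
    cnf=$(write_client_cnf "$2") || return 1
    # --defaults-file has to be the first option. Non-secret settings such
    # as the user can still be overridden with ordinary CLI arguments.
    mysqldump --defaults-file="$cnf" --user="$1" "$3"
    rc=$?
    rm -f "$cnf"    # remove the secret as soon as the dump finishes
    return $rc
}
```

A caller that is interrupted between the two steps leaves the file behind, so a wrapper that runs unattended would also want a `trap` that removes it.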