Bug #74545 | mysql allows to override login-path | ||
---|---|---|---|
Submitted: | 24 Oct 2014 10:53 | Modified: | 17 Jul 2015 14:11 |
Reporter: | Daniël van Eeden (OCA) | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: Command-line Clients | Severity: | S4 (Feature request) |
Version: | 5.6.19 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[24 Oct 2014 10:53]
Daniël van Eeden
[17 Jul 2015 14:11]
Georgi Kodinov
I don't think overriding data from the command prompt is a security issue. If you get access to the user's shell you can for sure read the mylogin.cnf file too. So I'm going to convert this to a feature request. I like your idea about adding the http://dev.mysql.com/doc/refman/5.7/en/mysql-command-options.html#option_mysql_enable-clea... option to list of options the mysql_config_editor handles. IMHO mysql_config_editor should support all of the authentication related options too (i.e. the -ssl options etc).