Bug #84322 No way to override .mylogin.cnf
Submitted: 22 Dec 2016 22:46 Modified: 23 Dec 2016 13:38
Reporter: Peter Zaitsev Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:5.6,5.7 OS:Any
Assigned to: CPU Architecture:Any

[22 Dec 2016 22:46] Peter Zaitsev 
Description:
Since MySQL 5.6  you can store login information in .mylogin.cnf which is read automatically by all mysql command line tools. 

This file is even read if --no-defaults is used and there seems to be no option available not to read it

Number of programs written in shell may relay on "mysql" command line client for MySQL manipulation. 

Passing password as command line option is insecure and produces warning in MySQL 5.7, however passing password with custom crafted config file is no more possible as   .mylogin.cnf overrides them. 

How to repeat:
See above

Suggested fix:
Perhaps there should option to disable processing this file or specify different path for custom connection information
[23 Dec 2016 6:06] MySQL Verification Team 
Hello Peter,

Thank you for the report and feedback.

Thanks,
Umesh
[23 Dec 2016 13:38] Peter Zaitsev 
Note,  David Bennett  has suggested you can override it changing HOME environment variable but it is used for many purposes inside the system and I do not think right solution for this problem
[23 Dec 2016 16:09] Tsubasa Tanaka 
There's another way to not to read ~/.mylogin.cnf, you can set dummy path to MYSQL_TEST_LOGIN_FILE.

$ mysql_config_editor set --user=".my.login.cnf"
$ mysql -uroot
ERROR 1045 (28000): Access denied for user '.my.login.cnf'@'localhost' (using password: NO)

$ MYSQL_TEST_LOGIN_FILE="" mysql -uroot
mysql>
[23 Dec 2016 16:10] Tsubasa Tanaka 
I agree this should provide as option, not only environment variable.