Bug #98765 mysql prompt: use placeholder for lines with 'password' in history
Submitted: 27 Feb 2020 17:01 Modified: 28 Feb 2020 14:10
Reporter: Wiebe Cazemier Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Command-line Clients Severity:S3 (Non-critical)
Version:mysql Ver 14.14 Distrib 5.7.29, for Lin OS:Any
Assigned to: CPU Architecture:Any

[27 Feb 2020 17:01] Wiebe Cazemier 
Description:
Newer versions of the MySQL command-line client leave out lines with 'password' or 'identified by', and similar ones. This gets really precarious because people are used to pressing 'up, enter' all the time, and this can lead to very unfortunate results.

Let's say you're removing certain records and afterwards inspecting the users table:

DELETE FROM mytable ORDER BY id LIMIT 10;
SELECT user,password,host FROM mysql.user;
KEYUP KEYENTER
-> sad-face

It scares me all the time if I realize I accidentally executed the wrong line from history.

Instead, it should replace the removed line with a placeholder, something that doesn't execute, like '-- line removed'.

mysql  Ver 14.14 Distrib 5.7.29, for Linux (x86_64) using  EditLine wrapper

How to repeat:
.

Suggested fix:
.
[28 Feb 2020 13:34] MySQL Verification Team 
Hi Mr. Cazemier,

Thank you for your bug report.

I suppose that you see this behaviour only on 5.7 and not on 8.0.

Also, it seems that instead of ';-(' you would like to see '-- can't display', or something like that. ????

If that is a case, I am afraid that your request is very insignificant and would not qualify for further processing.

Next, there are several warnings in our manuals that you should NEVER query `mysql` database. In light of those warnings, I do not think that this is a bug at all, since you are going directly against our recommendations.

Not a bug.
[28 Feb 2020 13:56] Wiebe Cazemier 
Hello,

It was version 5.7 indeed. Does 8.0 do it better?

I never said to see ';-(' I said to see '-- line removed'.

The querying the mysql table was merely an example. I'm developing something where I have a field `passwordHash`, and every time I type SOMETHING with that field name in it, they query isn't remembered, and I type 'up, enter', and every time I get a heart attack because I see I executed the wrong query.

Replacing the line from history is far better then removing it.
[28 Feb 2020 14:01] MySQL Verification Team 
Once again, our Reference manual strongly recommends that you do not access privilege tables directly.

Use SHOW GRANTS and other commands that are designed for that purpose.

Not a bug.
[28 Feb 2020 14:09] Wiebe Cazemier 
It's not about accessing mysql privilge tables. It's about string matching to remove lines from history.

When I do:

DELETE FROM something something;
SELECT * FROM users WHERE userHasResetPassword = 1;

It's now NOT remembered and removed from history. I fully expect that when I press: [up, enter], the query is executed again. NOT the one before it.
[28 Feb 2020 14:10] Wiebe Cazemier 
For clarity: let's name the table 'myusers'. It's an application table.
[28 Feb 2020 14:14] MySQL Verification Team 
I have tested it and it works fine for me with 5.7 mysql CLI.