mysql_history and passwords

Peter Skarpetis | April 20, 2005 | 10:00 pm

In order to provide the up/down arrow command history, the mysql program stores anything you type in the file .mysql_history in your home directory. For most commands this is ok but what about grant statements?

If you regularly use grant or update statements to add or modify users and passwords, then anyone with read access to the file .mysql_history can see the usernames and passwords required to gain access to your database.

To avoid such security traps just use your favourite text editor and delete the offending lines from the file ~/.mysql_history. Do this each time you issue a grant or update statement containing a password and your site will be much more secure.

Technorati Tags: ,

Categories
Blogged
Comments rss
Comments rss
Trackback
Trackback

« Safari 1.3 shenanigans xemacs 21.4.17 and Tiger »

Leave a comment

You can use these tags : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>