Keeping Your Password Secure
----------------------------
It is inadvisable to specify your password in a way that exposes it to
discovery by other users. The methods you can use to specify your
password when you run client programs are listed below, along with an
assessment of the risks of each method:
* Never give a normal user access to the `mysql.user' table. Knowing
the encrypted password for a user makes it possible to log in as
this user. The passwords are only scrambled so that one shouldn't
be able to see the real password you used (if you happen to use a
similar password with your other applications).
* Use a `-pyour_pass' or `--password=your_pass' option on the command
line. This is convenient but insecure, because your password
becomes visible to system status programs (such as `ps') that may
be invoked by other users to display command lines. (MySQL
clients typically overwrite the command-line argument with zeroes
during their initialization sequence, but there is still a brief
interval during which the value is visible.)
* Use a `-p' or `--password' option (with no `your_pass' value
specified). In this case, the client program solicits the
password from the terminal:
shell> mysql -u user_name -p
Enter password: ********
The `*' characters represent your password.
It is more secure to enter your password this way than to specify
it on the command line because it is not visible to other users.
However, this method of entering a password is suitable only for
programs that you run interactively. If you want to invoke a
client from a script that runs non-interactively, there is no
opportunity to enter the password from the terminal. On some
systems, you may even find that the first line of your script is
read and interpreted (incorrectly) as your password!
* Store your password in a configuration file. For example, you can
list your password in the `[client]' section of the `.my.cnf' file
in your home directory:
[client]
password=your_pass
If you store your password in `.my.cnf', the file should not be
group or world readable or writable. Make sure the file's access
mode is `400' or `600'.
Note: Option files.
* You can store your password in the `MYSQL_PWD' environment
variable, but this method must be considered extremely insecure
and should not be used. Some versions of `ps' include an option
to display the environment of running processes; your password
will be in plain sight for all to see if you set `MYSQL_PWD'.
Even on systems without such a version of `ps', it is unwise to
assume there is no other method to observe process environments.
Note: Environment variables.
All in all, the safest methods are to have the client program prompt
for the password or to specify the password in a properly protected
`.my.cnf' file.
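A small POSIX shell audit, added here and not part of the MySQL manual, that checks the three exposure channels described above: the mode of `.my.cnf', an inline password in a client command line, and the `MYSQL_PWD' variable. The path `$HOME/.my.cnf' and the sample command lines are assumptions.

```sh
#!/bin/sh
# Added example, not from the MySQL manual: check the three password
# channels discussed above on a client host. $HOME/.my.cnf and the sample
# command lines below are assumptions.

# mycnf_mode_ok FILE: return 0 if FILE is a regular file whose permission
# bits are exactly 400 or 600 (owner-only, as the manual requires), else 1.
mycnf_mode_ok() {
    f=$1
    [ -f "$f" ] || return 1
    # GNU stat prints octal bits with -c '%a'; BSD/macOS stat needs -f '%Lp'.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# cmdline_exposes_password "CMDLINE": return 0 if the command line carries an
# inline password (-pVALUE or --password=VALUE), which ps can show to other
# users. A bare -p or --password only prompts on the terminal and is not flagged.
cmdline_exposes_password() {
    for arg in $1; do
        case "$arg" in
            -p|--password)      ;;           # prompts; nothing in argv
            -p?*|--password=?*) return 0 ;;  # password is in argv
        esac
    done
    return 1
}

# env_exposes_password: return 0 if MYSQL_PWD is set at all (even empty),
# since ps options and /proc can reveal a process's environment.
env_exposes_password() {
    [ -n "${MYSQL_PWD+set}" ]
}

# Report on the current user's environment (illustrative use of the checks).
if [ -f "$HOME/.my.cnf" ] && ! mycnf_mode_ok "$HOME/.my.cnf"; then
    echo "warning: $HOME/.my.cnf is group or world accessible; use mode 600" >&2
fi
if env_exposes_password; then
    echo "warning: MYSQL_PWD is set; unset it and use a protected .my.cnf" >&2
fi
```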