1

I am passing the password to a mysql connection via a script using :

mysql -u root -p'mypass'

so I can execute task on that line using --execute.

I have seen in many stackexchange forums that passing password through command line is highly not recommended due to ps sniffing. So I am trying to see if I can indeed grab the mysql password just viewing the processes running. The only thing I was able to do was this:

ps -p 4034 -o command

but the answer I am getting is:

COMMAND
mysql -u root -px xxxxxxxxxx

(mysql running on 4034 pid) It looks that the system 'encrypts' the password by default. So my question is, is it really possible to grab passwords as parameters through command line?

Simon Ernesto Cardenas Zarate
  • 251
  • 1
  • 3
  • 12
  • You can store the login credentials in MySQL client configuration file. – Tero Kilkanen Feb 21 '18 at 23:27
  • Hi, thank you for your answer. I am going to use a config file, I just want to know if it's really possible to grab passwords passed through command line – Simon Ernesto Cardenas Zarate Feb 21 '18 at 23:35
  • 1
    Technically, it's not the "system" obscuring the password, it's mysql overwriting that particular command line argument. There will be some amount of time where the password is exposed via ps before it gets overwritten. – Brandon Xavier Feb 22 '18 at 02:11

1 Answers1

0

If a system has snoopy installed (which logs commands in auth.log) then it would be retrievable from there but also bash history would have it in.

Also - where is your script located as it could probably be just read from within the script

Timothy Frew
  • 582
  • 3
  • 7