In regard to your update:
When a process is started it has a dedicated area of memory where arguments are stored and an int which tells how many arguments were passed.
MEMORY
argc 2
argv[0] program_name
argv[1] foo
argv[2] bar
MySQL checks if a password was passed on the command line by -p, and if it was, copies it to a new variable that is not visible, then overwrites that region of memory with x'es.
In simple terms e.g.:
argc 2
argv[1] -p
argv[2] p4ssw0rd
new_var = copy(argv[2]);
argv[2] = "xxxxx";
You can find it e.g. in client/mysqladmin.cc of the source code:
case 'p':
...
opt_password=my_strdup(argument,MYF(MY_FAE));
while (*argument)
*argument++= 'x'; /* Destroy argument */
When ps runs, it reads the memory region of the arguments (argv[N]), and thus it is xxxx.
For a very short while the password is visible, but only for a few CPU cycles.
You can update the MySQL password using the special --init-file option and procedure. C.5.4.1.2. Resetting the Root Password: Unix Systems
mysqld_safe --init-file=/home/me/mysql-init &
Edit:
As @Gilles says, you can echo, printf or use a here document from a script.
You can also add this to .my.cnf of your home directory or in a (temporary) file and use the --defaults-extra-file option. (Believe you have to add that option early on the command line.) Optionally also include user. Also note the extra in the option name unless you want to use only that file as configuration:
[client]
user=foo
password='password!'
shell> chmod 400 my_tmp.cnf
shell> mysql --defaults-extra-file=my_tmp.cnf -...
Optionally the [client] grouping makes mysqld skip the configuration.
One can also use the MYSQL_PWD environment variable, but that should never be used as you can list the environment in many ps implementations by ps -e, in the /proc/<PID>/environ file on Linux etc.
tr '\0' '\n' < /proc/<PID>/environ
More on the topic here.
You might also want to have a look at the MySQL Configuration Utility which enables you to store the password in an encrypted file in your home directory – .mylogin.cnf.
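The copy-then-overwrite step described in the answer above, as an added example that is not part of the original answer and not MySQL's code. `take_password` and `copy_and_scrub` are hypothetical helpers that follow the answer's simplified argv layout; `main` prints `/proc/self/cmdline`, which is Linux-specific.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the secret to private heap memory, then overwrite the original
 * argv bytes in place with 'x' (same length, terminating NUL untouched). */
static char *copy_and_scrub(char *arg)
{
    size_t n = strlen(arg);
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, arg, n + 1);
    memset(arg, 'x', n);
    return copy;
}

/* Hypothetical helper: accepts "-pSECRET" and "-p SECRET".
 * Returns a heap copy of the password, or NULL if none was given. */
char *take_password(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-p", 2) != 0)
            continue;
        if (argv[i][2] != '\0')            /* attached form: -pSECRET */
            return copy_and_scrub(argv[i] + 2);
        if (i + 1 < argc)                  /* separate form: -p SECRET */
            return copy_and_scrub(argv[i + 1]);
    }
    return NULL;
}

int main(int argc, char **argv)
{
    char *pw = take_password(argc, argv);
    /* This file exposes the same argument memory that ps reads on Linux. */
    FILE *f = fopen("/proc/self/cmdline", "r");
    if (f != NULL) {
        int c;
        while ((c = fgetc(f)) != EOF)
            putchar(c == '\0' ? ' ' : c);
        putchar('\n');
        fclose(f);
    }
    printf("private copy held: %s\n", pw ? "yes" : "no");
    free(pw);
    return 0;
}
```

The scrub only happens once the program reaches this code, so the short exposure window the answer mentions remains between process start and the overwrite.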
Best Answer
See https://stackoverflow.com/questions/645659/how-do-you-htdigest-400-user-accounts
The easiest method, based on one of the suggestions in the top-voted answer, is probably this:
I've used md5sum from GNU coreutils and awk rather than just md5 because it's what I have installed on my system and I couldn't be bothered finding out which package contains /usr/bin/md5 - you could also use sha512sum or other hashing program.
e.g. if user=foo, realm=bar, and password=baz then the command above will produce:
htdigest doesn't do anything magical or even unusual - it just outputs the user, realm, and password in the right format...as the command above does.
Deleting the digest for a given user:realm instead of just adding one, can easily be done with sed.
And updating/changing the digest for a user:realm can also be done with sed in combination with the method above to generate the digest line. e.g.