Thursday, February 13, 2014

Don't put your passwords on the command line

Consider this shell command:

$> mysql -u username -ppassword

Passwords on the command line are a real BAD idea. Here's why:

1. They are easily viewable in the process list by running ps
2. They are easily viewable in the command history by running history

Remember, don't enter your passwords in version control systems like Git. Git servers like GitHub are often published to a wider audience within an organization. Always use external configuration files or a configuration framework such as Configatron to deploy passwords, usernames, keys, etc.
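One way to apply the external configuration file advice to the mysql command above. This is an added example, not code from the original post; the function names, file path, user name and password are constructed placeholders.

```shell
# Added example (not from the original post). File name, user and password
# used with these functions are constructed placeholders.

# write_client_cnf FILE USER
# Reads the password from stdin, so it never appears in argv (ps) or in
# shell history, and writes a MySQL [client] option file with mode 0600.
write_client_cnf() {
    wc_file=$1
    wc_user=$2
    # Accept a final line with or without a trailing newline.
    IFS= read -r wc_pass || [ -n "$wc_pass" ] || return 1
    # Assumption: refuse characters that would need escaping inside quotes.
    case $wc_pass in
        *\"*|*\\*) return 2 ;;
    esac
    wc_umask=$(umask)
    umask 077                 # new file is created without group/other bits
    rm -f -- "$wc_file"       # a pre-existing file would keep its old mode
    {
        printf '[client]\n'
        printf 'user=%s\n' "$wc_user"
        printf 'password="%s"\n' "$wc_pass"   # quoted so '#' is not a comment
    } > "$wc_file"
    wc_rc=$?
    umask "$wc_umask"
    return "$wc_rc"
}

# cnf_is_private FILE
# Succeeds only if FILE is a regular file with no group/other permissions.
cnf_is_private() {
    case $(ls -ld -- "$1" | cut -c1-10) in
        -r[w-][x-]------) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (requires a mysql client, so it is left as a comment):
#   write_client_cnf "$HOME/.app-mysql.cnf" appuser   # password read from stdin
#   cnf_is_private "$HOME/.app-mysql.cnf" &&
#       mysql --defaults-extra-file="$HOME/.app-mysql.cnf"
# ps and history then show only the file path, not the password.
```

The --defaults-extra-file option has to be the first option on the mysql command line. Keep the option file itself out of version control.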
