Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why can't I pipe a password into mysql non-interactively?

Tags:

mysql

I want to run mysql client, giving the password non-interactively.

The standard solution is this

mysql -u root -e "foo" -p < password_file

but my situation is this

produce_password | mysql -u root -p

Here, mysql prompts for a password, even though data is being piped in. (Yes, produce_password is emitting data; echo foo | mysql behaves the same way.)

The Internet seems to think the above should work, but the fact is it doesn't. The workaround would be

produce_password > password_file
mysql -u root -p < password_file
rm password_file

But let's say I don't want to do this (e.g. policy demands that this password never be written to the disk)

How can I make mysql take the password from the input process without prompting, as it would for a file?

like image 240
spraff Avatar asked Sep 06 '25 18:09

spraff

2 Answers

I don't know how to explain this, but when you pipe something, the stdout of the first program is forwarded to the stdin of the second program. You somehow confuse this, with the command line or whatever. You can pipe something to mysql, of course, but whatever you pipe is handled after you've authenticated yourself.

The solution would be 

mysql -u root -p$(produce_password)

This generates your password with whatever program you have there and puts it in the right place on your commandline (my english is bad, can't explain better). When you have it in a file you could do

mysql -u root -p$(cat file)

I don't know, why you want to do it this way anyway, but you might be interested in having an encrypted file with your credentials, that you can use to log in without specifying a password. Read more about it here.

like image 149
fancyPants Avatar answered Sep 10 '25 08:09

fancyPants

With thanks to fancyPants for explaining the cause, here is a solution which meets my requirements. (The encrypted .mylogin.cnf with mysql_config_editor isn't right for me, but thanks.)

To satisfy the security policy, mount /ramfs as a ramfs temporary file system. Assume file permissions are suitably restrictive.

ramdir="/ramfs"
cnf="$(mktemp "$ramdir/this-script-name-XXXXX")"
pw="$(produce_password)"

cat >"$cnf" <<EOF
[client]
user=root
password="$pw"
EOF

mysql --defaults-extra-file="$cnf" -e 'select 1'

rm "$cnf"
like image 35
spraff Avatar answered Sep 10 '25 08:09

spraff
Sign in to Comment

Related questions

Yii2: How to save form data in two tables from one form?
Mysql retrieve polygon data
SQLAlchemy bulk update strategies
Prevent Json ordering while inserting into Mysql table
Why does SELECT ... FOR UPDATE with a subquery create a snapshot in MySQL but INSERT ... SELECT does not?
KWIC in Text database
What does the e flag and special characters do in mysql?
Rails get column names from all tables after join
How to call MySQL stored procedure with OUT parameter in Laravel
"Where" statement: match a single word (not substring)
Slow query when using ORDER BY
Mysqli prepared statement (SQL injection prevention)
mysqldump not dumping stored procedures
How to analyse MySQL Slow Query Log or MySQL General Query Log? [closed]
Couchbase benchmark reveals very slow INSERTs and GETs (using KeyValue operations); slower than persisted MySQL data
How can I group recyclerview item by category in android studio
Not able to create MYSQL table due to autoincrement duplicate

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!