How MySQL hides the password on the command line in a Linux system

Source: Internet
Author: User

This article shows how MySQL hides the command-line password on a Linux system. The author demonstrates the method with a simple C program, which readers who need it can use as a reference.

Entering passwords on the command line is not a good idea and can create security problems. But suppose you decide to write an application that needs to take a password or other sensitive information on the command line. Can you prevent other users of the system from easily seeing this sensitive data, the way MySQL hides passwords from the ps command?

Suppose there are two users on this system, root and dabu. The test system is CentOS 6.5, and the steps are as follows:

    [root@dabu.info ~]# su dabu            # switch to the dabu account
    [dabu@dabu.info ~]$ cd ~               # switch to dabu's home directory
    [dabu@dabu.info ~]$ touch pwhide.c     # create the pwhide.c file
    [dabu@dabu.info ~]$ ls

Output:

    pwhide.c

Save the following code to pwhide.c:

    #include <stdio.h>
    #include <unistd.h>     /* symbolic constants defined by Unix-like systems */
    #include <string.h>     /* character array (string) function definitions */
    #include <sys/types.h>  /* basic system data types on Unix/Linux */

    /* argc is the number of command-line parameters (including the executable
       itself); argv is an array of pointers to the argument strings */
    int main(int argc, char *argv[])
    {
        int i = 0;
        pid_t mypid = getpid();   /* get the PID of the running program */

        if (argc == 1)            /* argc equal to 1 means no argument was given; argc should be 2 */
            return 1;             /* abnormal exit */

        printf("argc = %d and arguments are:\n", argc);   /* print the number of parameters */
        for (i = 0; i < argc; i++)
            printf("%d = %s\n", i, argv[i]);   /* print index i and the corresponding argv element */
        printf("Replacing the argument with x:es ... Now open another terminal and run: ps p %d\n", (int)mypid);   /* print the string and the program's PID */
        fflush(stdout);   /* flush the buffer so its contents are printed */

        /* This is the key point of this article (original: http://www.dabu.info/?p=5150):
           memset(void *s, int c, size_t n) overwrites each character of the password with x.
           You can also replace x with a, recompile and run, and check with ps what differs. */
        memset(argv[1], 'x', strlen(argv[1]));

        /* Wait for keyboard input. The real purpose here is to keep the program running
           so that you can look up the PID with ps and see whether the password is hidden.
           So once the program reaches this call, do not press any more keys. */
        getc(stdin);
        return 0;   /* normal exit */
    }

Then compile pwhide.c with the following command:

    [dabu@dabu.info ~]$ gcc -o hide pwhide.c     # the compiled file is named hide
    [dabu@dabu.info ~]$ ls

Output:

    hide pwhide.c

Test with the compiled program:

    [dabu@dabu.info ~]$ ./hide dabu.info     # dabu.info is the argument (in effect, the password) used for the test

Output:

    argc = 2 and arguments are:
    0 = ./hide
    1 = dabu.info
    Replacing the argument with x:es ... Now open another terminal and run: ps p 15585

Note: in ps p 15585, your number may not be the same as mine, because the PID changes on every run. Whatever number your run displays is the number to use in the steps that follow.

Once the output above is displayed, do nothing more in that terminal and do not close the terminal window (command window). Then log in with the root account in a second terminal, so that two terminal windows are open at the same time. Enter the following command:

    [root@dabu.info ~]# ps p 15585     # 15585 is the PID of the running ./hide dabu.info program

Output:

    PID TTY STAT TIME COMMAND
    15585 pts/0 S+ xxxxxxxxx     # dabu.info has 9 characters in total, so 9 x's are shown

This test shows the method by which MySQL hides the command-line password from the ps command. It also means that when you write a program of your own, you know how to use this method to hide the program's command-line arguments from ps.

For simplicity's sake, the code above may not be easy to port to other platforms, but it works on Linux and conveys the key point. In other environments, such as FreeBSD, you can use the system call setproctitle() to do this grunt work for you. The key point is to overwrite argv.
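The following added example is not part of the original article. It goes one step beyond pwhide.c: it keeps a private copy of the argument before overwriting it, then reads /proc/self/cmdline (the file ps reads on Linux) to check the result from inside the program. The helper names take_secret_and_scrub and visible_cmdline are illustrative, and a Linux system with /proc mounted is assumed.

```c
/* Added example, not the article's code; helper names are illustrative. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy argv[idx] to the heap, then overwrite the original in place with 'x'
 * (same length, so the terminating NUL stays). Caller frees the copy. */
char *take_secret_and_scrub(int argc, char **argv, int idx)
{
    if (idx < 1 || idx >= argc)
        return NULL;
    size_t len = strlen(argv[idx]);
    char *secret = malloc(len + 1);
    if (secret == NULL)
        return NULL;
    memcpy(secret, argv[idx], len + 1);
    memset(argv[idx], 'x', len);
    return secret;
}

/* Read /proc/self/cmdline (Linux; the file ps reads) into buf, replacing NUL
 * separators with spaces. Returns bytes read, or -1 if unavailable. */
long visible_cmdline(char *buf, size_t size)
{
    FILE *f = fopen("/proc/self/cmdline", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, size - 1, f);
    fclose(f);
    for (size_t i = 0; i + 1 < n; i++)
        if (buf[i] == '\0')
            buf[i] = ' ';
    buf[n] = '\0';
    return (long)n;
}

int main(int argc, char *argv[])
{
    char before[4096] = "", after[4096] = "";
    if (argc < 2)
        return 1;   /* usage: ./scrub <secret> */
    visible_cmdline(before, sizeof before);
    char *secret = take_secret_and_scrub(argc, argv, 1);
    if (secret == NULL)
        return 1;
    visible_cmdline(after, sizeof after);
    printf("before: %s\nafter:  %s\ncopy length: %zu\n", before, after, strlen(secret));
    free(secret);
    return 0;
}
```

The "before" line shows that the argument is readable from process start until the overwrite runs, so this technique shortens the exposure window rather than removing it. Reading the secret from a protected file or a prompt avoids putting it in argv at all.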
