Issue 72 in innotop: Ask for a password when -p option is given without a value

62 views
Skip to first unread message

inn...@googlecode.com

unread,
Sep 12, 2012, 6:39:02 PM9/12/12
to innotop...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 72 by rene.sch...@gmail.com: Ask for a password when -p option is
given without a value
http://code.google.com/p/innotop/issues/detail?id=72

What steps will reproduce the problem?
'innotop -p secret' vs. 'innotop -p'

What is the expected output? What do you see instead?
Giving a password directly on the cmdline is quite insecure (it shows up in
the history etc.)

Can innotop act like the mysql client when the -p option is given without a
value - prompting for a password? Like...

$ mysql -p
Enter password:

What version of the product are you using? On what operating system?
innotop 1.8.1

Baron Schwartz

unread,
Sep 12, 2012, 9:19:24 PM9/12/12
to innotop...@googlegroups.com
I think I've looked into this before for Maatkit/Percona-Toolkit and
getopt::long makes it hard/impossible/impractical.

inn...@googlecode.com

unread,
Sep 17, 2012, 2:08:40 PM9/17/12
to innotop...@googlegroups.com
Updates:
Status: WontFix

Comment #1 on issue 72 by baron.sc...@gmail.com: Ask for a password when -p
I think I've looked into this before for Maatkit/Percona-Toolkit and
getopt::long makes it hard/impossible/impractical. If you find otherwise,
please attach a patch and I'll fix it! But in general I never use passwords
on the command line; you can save them in the config file, save them in
your ~/.my.cnf, or innotop can prompt you for the password when it connects.

inn...@googlecode.com

unread,
Feb 3, 2013, 8:29:09 AM2/3/13
to innotop...@googlegroups.com

Comment #2 on issue 72 by rene.sch...@gmail.com: Ask for a password when -p
As I have seen that others also like to have this feature
(https://groups.google.com/forum/?fromgroups=#!topic/innotop-discuss/m5_02qAa8Ks)
I had a deeper look.

For a possible solution have a look a the attached files.

Attachments:
ask_pass_for_mysql.pl 1.2 KB
ask_pass_for_mysql.usage 1.3 KB

inn...@googlecode.com

unread,
Feb 4, 2013, 3:47:01 PM2/4/13
to innotop...@googlegroups.com

Comment #3 on issue 72 by ntuc...@gmail.com: Ask for a password when -p
Please also consider allowing use of the MYSQL_PWD env var like most of the
mysql tools allow. At my company, we have a tool which allows individual
users to avoid ever directly knowing the passwords or storing them in files
(they are retrieved on-the-fly from a remote system by a wrapper which sets
MYSQL_PWD and then invokes the mysql tool), which facilitates easy password
rotation and reduces the likelihood of anyone feeling the need to "write
them down" anywhere. A patch to innotop was provided for this a while
back. We have been using it in production ever since, but it would be nice
to get it into the released tool.

here is the patch:
https://groups.google.com/forum/?fromgroups=#!topic/innotop-discuss/v98Iza3X8cg



Reply all
Reply to author
Forward
0 new messages