Comment 1 for bug 907280

Alexey Kopytov (akopytov) wrote :

I don't see a way to fix this reliably. It is possible to change the process title that appears in ps output on some operating systems to hide the password. But:

- there will always be a relatively short period of time after the process is started and before the title is changed, when the password will still be visible in ps.
- it's not portable
- even after innobackupex changes the process title for its own process, it still calls the mysql command line client later with the same password on the command line, which has the same problem.

So it will just give a false sense of security, which is known to be even worse than a lack of security.

The only alternative to not have the password visible in ps is to add it to my.cnf and use that file with innobackupex. In case the configuration file containing the password must have different access attributes than the main my.cnf, the solution proposed in bug #740489 should work (which is a feature request for addition configuration file to be passed as --default-extra-file).