> 1) write a script to do the deed & supply the args, and call it
> as your command; then your command-line will only be the script name.
> set (restrict) permissions as needed on the script file.

huuh? does this make sense? the script will eventually call/exec the main program, which will have the password in clear text on its command line, too.

> 2) use variables (not very secure) or aliases (even less secure):
> % set cmd='mysql -umyself -ptryagain db'
> ...
> % $cmd

same for this. this is expanded by the shell, so ps shows all sensitive data.

> 3) if the command has a dotfile option (as in ~/.mysqlrc) then put
> your sensitive stuff there and restrict privileges on that file.

that's the way to go. unfortunately, not all programs offer this feature.

note: there is a way for the called program to clobber its own command line. so the program would read its parameters and then destroy them. for the few milliseconds until it has done so, the command line would be readable, of course. however, this method requires changing the source of the target program.

--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
If Windows is the answer, I want the problems back!
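
The clobbering approach from the note above, sketched in C as an added example (not part of the original message and not taken from any real program). `take_password_arg` is a hypothetical helper; it assumes the `-p<password>` syntax of the quoted mysql command and a ps that reads the process's own argv memory, as on Linux.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy the value of a "-p<password>" argument to the
 * heap, then overwrite it in place so the argv memory that ps reads
 * (/proc/<pid>/cmdline on Linux) no longer holds the secret.
 * Returns the heap copy (caller frees) or NULL if no such argument. */
char *take_password_arg(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        /* Skip anything that is not -p followed by at least one byte. */
        if (strncmp(argv[i], "-p", 2) != 0 || argv[i][2] == '\0')
            continue;
        char *secret = argv[i] + 2;
        size_t len = strlen(secret);
        char *copy = malloc(len + 1);
        if (copy == NULL)
            return NULL;
        memcpy(copy, secret, len + 1);
        /* Overwrite with the same length, so nothing is written past the
         * original string. The volatile pointer keeps the compiler from
         * dropping the stores. */
        volatile char *p = secret;
        for (size_t k = 0; k < len; k++)
            p[k] = 'x';
        return copy;
    }
    return NULL;
}

int main(int argc, char **argv)
{
    /* Call this first thing: until it returns, the clear-text password
     * is still readable by anyone running ps. */
    char *pw = take_password_arg(argc, argv);
    if (pw == NULL) {
        fprintf(stderr, "usage: %s -u<user> -p<password> <db>\n", argv[0]);
        return 1;
    }
    for (int i = 0; i < argc; i++)
        printf("argv[%d] = %s\n", i, argv[i]);   /* password shows as x's */
    free(pw);
    return 0;
}
```

The overwrite only shortens the exposure window; it does not remove it, and the password can still end up in shell history or process-accounting logs written before the program starts.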