w trillich wrote: > 1) write a script to do the deed & supply the args, and call it > as your command; then your command-line will only be the script name. > set (restrict) permissions as needed on the script file.
No that doesn't work. Your script still runs a program with some arguments; those arguments are still visible. > 2) use variables (not very secure) or aliases (even less secure): > % set cmd='mysql -umyself -ptryagain db' > ... > % $cmd No, that doesn't work, same reason. It doesn't matter _how_ you get the arguments to the program, they will still be visible in /proc and ps. > 3) if the command has a dotfile option (as in ~/.mysqlrc) then put > your sensitive stuff there and restrict privileges on that file. Yes. The only true solution to a program that requires sensative data be passed on the command line is the fix the program so it reads it from elsewhere. -- see shy jo
