384ac0990f
The usage of the --password flag when invoking the mysql CLI has the potential of exposing the password in plain text if the command happens to crash due to the inclusion of args provided to subprocess.run(check=True) in the string representation of the subprocess.CalledProcessError exception raised on non-zero return code. Since this has the potential of leaking the password to logging facilities configured to capture crashes (e.g. sys.excepthook, Sentry) it's safer to rely on the MYSQL_PWD environment variable instead even if its usage is discouraged due to potential leak through the ps command on old flavors of Unix. Thanks Charlie Denton for reporting the issue to the security team. Refs #24999. |
||
|---|---|---|
| .. | ||
| base | ||
| dummy | ||
| mysql | ||
| oracle | ||
| postgresql | ||
| sqlite3 | ||
| __init__.py | ||
| ddl_references.py | ||
| signals.py | ||
| utils.py | ||