This gem is a wrapper for the mysql and mysqldump command line programs. It is not intended to be used as an interface to MySQL for application code. If you have a suggestion on how to circumvent passing the password on the command line for this gem I would be happy to hear it.
I know that these CLIs will read a .my.cnf file - so a password does not need to be exposed on the command line if you don't want it to - you just need to specify the password in your .my.cnf file and this gem will respect those settings.
To circumvent this issue/confusion entirely, the latest version of this gem (v1.0.0) no longer supports a --password option. The expectation now is that passwords are only configured in a configuration file. This means it is no longer possible to expose passwords on the command line.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5002
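An added example, not code from the gem or from the comments above: a Ruby sketch of the option-file approach described in the thread, where the password is written to a 0600 temporary option file and handed to `mysqldump` through the standard `--defaults-extra-file` client option, so it never appears in the process argument list. All method names and the sample credentials are hypothetical, and rejecting double quotes instead of escaping them is a conservative assumption.

```ruby
require "tempfile"

# Quote a value for a MySQL option file. Unquoted, "#" starts a comment and
# leading/trailing spaces are dropped, so the value is always double-quoted.
def quote_option_value(value)
  # A line break would let the value smuggle in a second option line; a double
  # quote is conservatively rejected here rather than escaped (assumption).
  raise ArgumentError, "unsafe character in option value" if value.match?(/["\r\n]/)
  '"' + value.gsub("\\") { "\\\\" } + '"'
end

# Render the [client] group, which mysql and mysqldump both read.
def client_option_file(user:, password:, host: "localhost")
  ["[client]",
   "user=#{quote_option_value(user)}",
   "password=#{quote_option_value(password)}",
   "host=#{quote_option_value(host)}", ""].join("\n")
end

# True if group or other has any access to the file (anything beyond 0600).
def option_file_exposed?(path)
  (File.stat(path).mode & 0o077) != 0
end

# Yields [argv, path]. The secret lives only in a 0600 temp file that is
# deleted when the block returns, never in argv (which `ps` can show).
def with_mysqldump_argv(database, user:, password:, host: "localhost")
  Tempfile.create(["client", ".cnf"]) do |f|
    f.chmod(0o600)
    f.write(client_option_file(user: user, password: password, host: host))
    f.flush
    # --defaults-extra-file is only honoured as the first option.
    yield ["mysqldump", "--defaults-extra-file=#{f.path}", database], f.path
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed credentials, for illustration only.
  with_mysqldump_argv("appdb", user: "backup", password: 'p#ss\w0rd') do |argv, path|
    puts "argv: #{argv.inspect}"            # contains no password
    puts "exposed: #{option_file_exposed?(path)}"
    # A real caller would run system(*argv) here, inside the block.
  end
end
```

The same `option_file_exposed?` check can be pointed at an existing `~/.my.cnf` before relying on it.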