You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This gem is a wrapper for the mysql and mysqldump command line programs. It is not intended to be used as an interface to MySQL for application code. If you have a suggestion on how to circumvent passing the password on the command line for this gem I would be happy to hear it.
I know that these CLIs will read a .my.cnf file - so a password does not need to be exposed on the command line if you don't want it to - you just need to specify the password in your .my.cnf file and this gem will respect those settings.
To circumvent this issue/confusion entirely, the latest version of this gem (v1.0.0) no longer supports a --password option. The expectation now is that passwords are only configured in a configuration file. This means it is no longer possible to expose passwords on the command line.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5002
The text was updated successfully, but these errors were encountered: