[FIX] Mysql warning "password on the command line"

[[TM]SixSense]

This warning only show up with mysql version 5.6 & 5.7. If you have a lower version please ignore this post.

Warning on shell & mysql log: Using a password on the command line interface can be insecure.

I know a lot of people use the mysql_query (standard) function from questlib.lua and they get this warning.

If you use a mysql user change the above "YOURUSERNAME" and use the command:

Code:

mysql_config_editor set --login-path=local --host=localhost --user=YOURUSERNAME --password

If you use the root mysql user, use the command:

Code:

mysql_config_editor set --login-path=local --host=localhost --user=root --password

Put your password. OK..

We can see, the system creates a new crypted file: .mylogin.cnf
You can see this file on /home/YOURUSERNAME/.mylogin.cnf or for root: /root/.mylogin.cnf
Is crypted but you can see what's inside (password is hidden by *****) with the command:

Code:

mysql_config_editor print --all

If you want to enter mysql just use the command:

Code:

mysql --login-path=local

Now .. lets open questlib.lua and remove the mysql_query function and add this new one .. because is not need to read anymore what's inside of CONFIG file (get username/password).
Replace your function with this one:

 Spoiler

PHP Code:

mysql_query = function(query)
    math.randomseed(os.time())
    local fi,t,out = 'mysql_data_'..math.random(10^9)+math.random(2^4,2^10),{},{}
    os.execute('mysql --login-path=local -e'..string.format('%q',query)..' > '..fi)
    for av in io.open(fi,'r'):lines() do table.insert(t,split(av,'\t')) end; os.remove(fi);
    for i = 2, table.getn(t) do 
        table.foreach(t[i],function(a,b)
        out[i-1]               = out[i-1] or {}
        out[i-1][a]            = tonumber(b) or b or 'NULL'
        out[t[1][a]]           = out[t[1][a]] or {}
        out[t[1][a]][i-1]      = tonumber(b) or b or 'NULL'
        end)
    end
    out.__lines = t[1]
    return out
end 


That is all. Have a nice day!