id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
24999	manage dbshell with mysql give the password on the command line, visible system wide	nirgal	Rigel Di Scala	"Hi

When using mysql backend, when one runs the dbshell command, subprocess.call() uses the mysql command line argument --password. This is insecure on multi-users systems, since anyone who can do ""ps"" is able to see the password.

I believe it would be much better to write the password in the temporary configuration file whose name is given using --defaults-extra-file=file_name, in a way similar to https://github.com/django/django/pull/4392"	Cleanup/optimization	closed	Core (Management commands)	dev	Normal	invalid			Accepted	0	0	0	0	0	0