Estimated reading time: 3 minutes
MySQL stores the commands executed in the MySQL command-line client in a history file. The default MySQL Client history file is named .mysql_history
and it is stored in the user’s home directory. This can be incredibly useful for quickly re-executing previous commands, but it also comes with potential risks, especially regarding security and privacy. By default, the MySQL Shell does not save history between sessions. In this blog we’ll explore why you might want to disable MySQL command history and how to do it.
Table of contents
Why disable the command history?
While the MySQL Command history is beneficial for keeping track of previous commands, sensitive information may also be logged to the .mysql_history
file. Let’s consider its potential risks and why you might want to disable the MySQL command history.
Security
Enhancing security is one of the most important reasons to disable MySQL command history. The history file can inadvertently save sensitive information, such as passwords and other confidential data, when it stores commands. So, if someone unauthorized gains access to the history file, they could retrieve sensitive information.
For example, consider the following command:
mysql -u root -pMySecretPassword
If MySQL stores this command in the history file, anyone accessing the file could see the password.
Compliance and Privacy Regulations
Many organizations must comply with strict data protection regulations like GDPR, HIPAA, or PCI DSS. Storing command history that includes sensitive data could violate these regulations. Disabling command history helps prevent the accidental storage of sensitive information, aiding compliance efforts.
Preventing Accidental Data Exposure
You should protect the .mysql_history
file with restrictive access because it might contain sensitive information, such as the text of SQL statements containing passwords. Even in a secure environment, there is always the risk of accidental data exposure. Hence, disabling MySQL command history reduces the chance that others accessing the same system could accidentally view sensitive information if you frequently work with it.
How to Disable MySQL Command History
There are a few ways to disable the history. Let’s Let’s look at some of them:
Temporarily disable the MySQL Command History
You can temporarily disable command history in Linux by setting the MYSQL_HISTFILE
environment variable to /dev/null
:
export MYSQL_HISTFILE=/dev/null
Important: Remember also to remove .mysql_history if it exists. As we mentioned above, the default MySQL Client history file is named .mysql_history
and stored in the user’s home directory.
This method only affects the current session and will revert once you close the terminal.
Read also: Adjust MySQL History Length: Improve Performance, Storage Cost
Permanently Disabling the History
To permanently disable MySQL command history, add the following line toshell’shell’s startup file (e.g., .bashrc
, .zshrc
):
echo "MYSQL_HISTFILE=/dev/null" >> ~/.bashrc
source ~/.bashrc
Also, remember to remove existing command history by deleting the .mysql_history
file located in your home directory:
rm ~/.mysql_history
Warning: This will delete all previously saved commands, so make sure you no longer need them before doing this.
Alternate way: Permanently Disabling the History
You can also create a symbolic to /dev/null for $HOME/.mysql_history:
ln -s /dev/null $HOME/.mysql_history