1.4 Verify That the MYSQL_PWD Environment Variable Is Not In Use
MySQL can read a default database password from an environment variable called MYSQL_PWD. Avoiding use of this environment variable can better safeguard the confidentiality of MySQL credentials. Rationale: Using the MYSQL_PWD environment variable implies MySQL credentials are stored as clear text.
Check which users and/or scripts are setting MYSQL_PWD and change them to use a more secure method. For unattended logins you should consider: MySQL Configuration Editor Different authentication methods (e.g., X509 certificate verification) Use MySQL Enterprise LDAP plugin with Kerberos or SASL tokens. Default Value: Not set.