Instead of passing the da_admin password via command line for mysqldump, instead create: /usr/local/directadmin/conf/my.cnf, and fill with data from mysql.conf in the [client]format for mysqldump to read. This my.cnf is passed to mysqldump via --defaults-extra-file. This ensures the da_admin password is not seen from any process lists. On many OS's, mysqldump hides this information from the process list, but some do not hence this is needed. Either way, this method is more secure. Thanks to Erik Smit for this report. added: damycnf=/usr/local/directadmin/conf/my.cnf as an internal default to the directadmin.conf file (not present by default).