Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
542 views
in Technique[技术] by (71.8m points)

mysql - Mysqldump launched by cron and password security

I wrote a script to backup my MySQL databases using:

mysqldump --opt --all-databases -u user -pmypassword > myDump.sql

A cron launches it every night and scp the result to another server. mypassword appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).

MySQL documentation says:

Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".

I have not found this magic 7.6 sections anywhere.

What is the good practice to deal with automatic mysqldump and password security?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):

Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:

[client]
password=your_pass

To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:

shell> chmod 600 .my.cnf

To name from the command line a specific option file containing the password, use the --defaults-file=file_name option, where file_name is the full path name to the file.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...