Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mysqldump launched by cron and password security

I wrote a script to backup my MySQL databases using:

mysqldump --opt --all-databases -u user -pmypassword > myDump.sql 

A cron launches it every night and scp the result to another server. mypassword appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).

MySQL documentation says:

Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".

I have not found this magic 7.6 sections anywhere.

What is the good practice to deal with automatic mysqldump and password security?

like image 431
kheraud Avatar asked Jul 28 '11 15:07

kheraud


1 Answers

Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):

Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:

[client] password=your_pass 

To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:

shell> chmod 600 .my.cnf 

To name from the command line a specific option file containing the password, use the --defaults-file=file_name option, where file_name is the full path name to the file.

like image 93
Sahil Muthoo Avatar answered Sep 20 '22 21:09

Sahil Muthoo