I wrote a script to backup my MySQL databases using:
mysqldump --opt --all-databases -u user -pmypassword > myDump.sql
A cron launches it every night and scp the result to another server. mypassword
appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).
MySQL documentation says:
Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".
I have not found this magic 7.6 sections anywhere.
What is the good practice to deal with automatic mysqldump and password security?
Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):
Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:
[client] password=your_pass
To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:
shell> chmod 600 .my.cnf
To name from the command line a specific option file containing the password, use the
--defaults-file=file_name
option, wherefile_name
is the full path name to the file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With