Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Protect the password when using Mysql in an unattended bash-script

Tags:

bash

security

mysql

password-protection

I am writing a bash script (for a cron job) that uses mysql:

mysql -uusername -ppassword -e 'something;'

I am looking for a good way to keep the password handy for use in the script, but in a manner that will also keep this information secure from other users on that system. Users who could use ps -ef and users who might read text files...

So how can I safeguard passwords that will be used in an automated script on Linux?

like image 557
eye Avatar asked Jul 24 '13 07:07

eye

2 Answers

This is an updated answer for users of MySQL 5.6.6+

As documented in 4.6.6 mysql_config_editor — MySQL Configuration Utility, there is now a more secure way to store mySQL passwords, that does not store clear text passwords in a local configuration file.

The mysql_config_editor utility (available as of MySQL 5.6.6) enables you to store authentication credentials in an encrypted login path file named .mylogin.cnf. The file location is the %APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.

This file can be created by running the following command:

mysql_config_editor set --login-path=client  --host=localhost --user=root --password

You can print the existing settings with the following command:

mysql_config_editor print --login-path=client

This will output the current settings:

[client]
user = root
password = *****
host = localhost

Notice the password is encrypted by default.

like image 191
Rodrigo Murillo Avatar answered Oct 07 '22 17:10

Rodrigo Murillo

Put all the settings in an option file. You can use your default ~/.my.cnf file, or you can specify an alternate file using --defaults-file==filename. See the documentation 4.2.3.4. Command-Line Options that Affect Option-File Handling

The option file contains default settings for mysql commands. You can put the following in it, for example.

[mysql]
user=username
password=password
database=yourdb

Make the option file readable only by you, so other users can't see your password.

like image 20
Barmar Avatar answered Oct 07 '22 17:10

Barmar
Sign in to Comment

Related questions

error in your SQL syntax creating MySQL trigger
mysql display list of user defined functions in phpmyadmin
How do I dump MySQL file without Foreign Keys via command line?
How to make a composite key to be unique?
In MySQL, how to return the week of the month? [duplicate]
mongodb translation for sql INSERT...SELECT
Sum columns in mysql then use the result in where clause
Laravel 4 cannot run whole RAW queries
How to select rows from last 2 hours in Doctrine
Use embedded database for test in spring boot
MYSQL: How can I find 'last monday's date' (performance Issue)
How to escape quotes when inserting into database with PHP [duplicate]
mysql stored procedure that calls itself recursively
Get all values from checkboxes? [duplicate]
PHP hashing function that returns an integer (32bit int)
LEFT JOIN AS new column?
how to remove underscore from values of textarea?
Restricting MySQL 3306 port to localhost with IPTABLES
Inserting coordinates into MySQL - PolyFromText SQL syntax error / returning null
mysql union different number of columns

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!