cron启动的mysqldump和密码安全

2021-12-13 00:00:00 security mysql mysqldump

我写了一个脚本来备份我的 MySQL 数据库:

I wrote a script to backup my MySQL databases using:

mysqldump --opt --all-databases -u user -pmypassword > myDump.sql

一个 cron 每天晚上启动它并将结果 scp 到另一台服务器.mypassword 在我的脚本中以明文形式出现,每个人都可以通过适当的权限看到它.我也被告知/proc 问题(可以看到 cmd 运行的地方).

A cron launches it every night and scp the result to another server. mypassword appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).

MySQL 文档说:

在命令行上指定密码应该被认为是不安全的.请参阅第 7.6 节保护密码安全".

Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".

我还没有在任何地方找到这个神奇的 7.6 部分.

I have not found this magic 7.6 sections anywhere.

处理自动 mysqldump 和密码安全的好做法是什么?

What is the good practice to deal with automatic mysqldump and password security?

推荐答案

Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):

Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):

将您的密码存储在选项文件中.例如,在 Unix 上,您可以在主目录中的 .my.cnf 文件的 [client] 部分列出您的密码:

Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:

[client]
password=your_pass

为了确保密码安全,除了您自己之外,任何人都不应访问该文件.为确保这一点,请将文件访问模式设置为 400 或 600.例如:

To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:

shell> chmod 600 .my.cnf

要从命令行命名包含密码的特定选项文件,请使用 --defaults-file=file_name 选项,其中 file_name 是到文件.

To name from the command line a specific option file containing the password, use the --defaults-file=file_name option, where file_name is the full path name to the file.

相关文章