cron启动的mysqldump和密码安全
我写了一个脚本来备份我的 MySQL 数据库:
I wrote a script to backup my MySQL databases using:
mysqldump --opt --all-databases -u user -pmypassword > myDump.sql
一个 cron 每天晚上启动它并将结果 scp 到另一台服务器.mypassword
在我的脚本中以明文形式出现,每个人都可以通过适当的权限看到它.我也被告知/proc 问题(可以看到 cmd 运行的地方).
A cron launches it every night and scp the result to another server.
mypassword
appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).
MySQL 文档说:
在命令行上指定密码应该被认为是不安全的.请参阅第 7.6 节保护密码安全".
Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".
我还没有在任何地方找到这个神奇的 7.6 部分.
I have not found this magic 7.6 sections anywhere.
处理自动 mysqldump 和密码安全的好做法是什么?
What is the good practice to deal with automatic mysqldump and password security?
推荐答案
Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):
Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):
将您的密码存储在选项文件中.例如,在 Unix 上,您可以在主目录中的 .my.cnf 文件的 [client] 部分列出您的密码:
Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:
[client]
password=your_pass
为了确保密码安全,除了您自己之外,任何人都不应访问该文件.为确保这一点,请将文件访问模式设置为 400 或 600.例如:
To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:
shell> chmod 600 .my.cnf
要从命令行命名包含密码的特定选项文件,请使用 --defaults-file=file_name
选项,其中 file_name
是到文件.
To name from the command line a specific option file containing the password, use the --defaults-file=file_name
option, where file_name
is the full path name to the file.
相关文章