You *COULD* include the information in the my.cnf file under the [client] area, something like this:

[client]
user=bruce
password=brucesPassword

That would tell the client to use that unless something else is disabled.

Of course that needs to be saved in plain text in a plain text file somewhere where people could get to it, so it may not be much of an improvement...

However there are several areas that my.cnf can be stored, so there may be some opportunities here... Given that one of the places a valid my.cnf file can exist is the user's home directory (where it would be called something like ~/.my.cnf and is somewhat harder to see because of the leading dot) you could set up a user specifically for handling such tasks in your server's account management system. Probably avoid making such a user on a network user management system such as LDAP or NIS or anything, but you can build a local account for this user. Assign this user a home directory, and set permissions restrictions on the home directory and the .my.cnf file so other users can't access it. Then you could su to this user and create a crontab to execute your scripts... because you will be this user your mysql command line client would read your .my.cnf file and use that username and password unless told otherwise by the command line calling mysql.

That said I stress again... it is still a plain text file and the password is saved in readable text... if you forget to set enough permissions to prevent other users from accessing the file or something you can run into trouble. I wouldn't consider it "secure", but it's better than including the password in the scripts all over the place. Your other users would need to get into this new phantom user's home directory, find the file and read it... because the file is called .my.cnf it won't show on "ls" unless someone does an ls -a and then only if they have permissions to access that directory - given you will probably give the home directory in question drwx------ permissions only someone logged in as that user (or root) should be able to access the directory and see what's in it, and the file will need to be readable by the user, so it needs at least -r-------- permission, probably not much more than that.

Best Regards, Bruce

On Jul 28, 2005, at 7:09 PM, Jeff Richards wrote:

Hi,

Is there a secure way of running mysql commands against the db from the
command line, or in some kind of secure batch mode, without making the
password totally visible? We need to procedurize things like "flush
tables with read lock", "unlock tables" etc. Is making the password
visible on the command line the only way?

Thanks,

Jeff

--
Jeff Richards
Consulting Architect
Openwave Systems Asia Pacific
+61 415 638757


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql? [EMAIL PROTECTED]
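
Added example, not part of the original mailing-list messages: a shell check a cron job could run before calling mysql, confirming that the option file and its directory carry the permissions described in the reply above (directory drwx------, file readable only by its owner). The function names are illustrative assumptions, and the path is passed in by the caller.

```shell
#!/bin/sh
# Added example: audit a MySQL option file that holds [client] credentials.
# Function names are illustrative assumptions, not part of MySQL.
# Usage: check_mycnf "$HOME/.my.cnf" && mysql -e 'FLUSH TABLES WITH READ LOCK'

# Print octal permission bits (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric uid of the owner.
owner_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Return 0 only if the file is a regular file owned by the invoking user
# and neither it nor its directory grants anything to group or other.
# Return 2 if the file is missing, 1 for any permission finding.
check_mycnf() {
    file=$1
    dir=$(dirname -- "$file")
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # A symlink could point at a file someone else controls.
    [ ! -L "$file" ] || { echo "symlink: $file" >&2; return 1; }
    if [ "$(owner_of "$file")" != "$(id -u)" ]; then
        echo "owner mismatch on $file" >&2; return 1
    fi
    fmode=$(mode_of "$file")
    dmode=$(mode_of "$dir")
    # Any bit under mask 077 means group or other has some access.
    if [ $(( 0$fmode & 077 )) -ne 0 ]; then
        echo "file mode $fmode too open (want 400 or 600)" >&2; return 1
    fi
    if [ $(( 0$dmode & 077 )) -ne 0 ]; then
        echo "directory mode $dmode too open (want 700)" >&2; return 1
    fi
    return 0
}
```

The check reads metadata only, so it never prints the stored password; root can still read the file regardless of these modes, as the reply notes.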



