Re: backups without revealing password

Mon, 28 Oct 2002 06:45:52 -0800

create a .my.cnf file in your home directory, and enter the useid and password here.

David T-G wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, all!

I would like to dump my mysql databases to cold files for separate
backups; we're too cheap to buy the database agent that will do it live.

I started with

mysqldump --user=root --password=showtheworld --all-databases > ...

as I've seen in numerous scripts posted to this list, but of course that
shows the world my DB root password if you happen to run top at the right
time (or are the adventurous type who might run a script to, say, look
for and log any mysql commands). My next step was to

<create dumpster user with no password>
grant select on *.* to dumpster@localhost

so that I can run

mysqldump --user=dumpster --all-databases > ...

and at least protect all of my writing privs -- but now the DB id of a
user that can obviously read every bit of data in there is also exposed.

What I need is a way to connect to the database from a cron job without
exposing the password in the environment. What amazes me is that even
confidential databases at large companies are accessed through scripts
with the passwords embedded -- and the scripts are often world-readable!

Is there anything analagous to an ssh key pair so that only an OS user
connecting with the DB id private key can get in to do the select and run
the mysqldump? Or am I barking up the wrong tree and should I instead do
something else to cleanly and securely back up the databases?


TIA & HAND

:-D
- -- David T-G * There is too much animal courage in (play) [EMAIL PROTECTED] * society and not sufficient moral courage.
(work) [EMAIL PROTECTED] -- Mary Baker Eddy, "Science and Health"
http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE9vUEvGb7uCXufRwARAhD4AKDj+BMcS2bUtfTnMNd7mF4tPKBX5wCgv+wF
ijDeFAYEEH//YbW5qsExAmY=
=Y+bQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




---------------------------------------------------------------------
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
























					Reply via email to