Apr 192000

Keeping mysql passwords secure

Regular readers will remember my article about installing and configuring mysql.  In that article you’ll see how I did a database backup.  I’ve found a way to improve that script.


The script I use for backing up my database is available from:


In that script, I include the password in the call to mysqldump.  That’s not the best thing to do.  So I found a way around it by reading the documentation.   At http://www.mysql.com/php/manual.php3?section=Password_security I found the following

Store your password in a configuration file. For example, you can list your password in the [client] section of the `.my.cnf’ file in your home directory:


If you store your password in `.my.cnf’, the file should not be group or world readable or writable. Make sure the file’s access mode is 400 or 600. See section 4.15.4 Option files.

So that’s exactly what I did.  Now you can use this to connect to your database without having to specify the password on the command line.  This is ideal for scripts. And the updated script is at samples/database_dump2.sh.txt

NOTE: the file name ends in .cnf and not .conf like many configuration files.

If you use this feature, do not use the -p option on mysql.