Keeping mysql passwords secure
Regular readers will remember my article about installing
and configuring mysql. In that article you’ll see how I did a database backup. I’ve found a way to improve that
script.
~/.my.cnf
The script I use for backing up my database is available from:
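In that script, I include the password in the call to mysqldump. That’s
not the best thing to do: a password given as a command-line argument can be visible
to other users on the system through the process list. So I found a way around it by reading the documentation.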
At http://www.mysql.com/php/manual.php3?section=Password_security
I found the following:

Store your password in a configuration file. For example, you can list your
password in the [client] section of the `.my.cnf’ file in your home directory:

    [client]
    password=your_pass

If you store your password in `.my.cnf’, the file should not be group or world
readable or writable. Make sure the file’s access mode is 400 or 600. See section 4.15.4 Option files.
So that’s exactly what I did. Now you can use this to connect to your database
without having to specify the password on the command line. This is ideal for
scripts. And the updated script is at samples/database_dump2.sh.txt
NOTE: the file name ends in .cnf and not .conf
like many configuration files.
If you use this feature, do not use the -p option on mysql.
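
An added example, not the author's backup script: shell functions that create the option file with mode 600 from the start and refuse to run mysqldump unless the file's mode is 400 or 600, as the quoted documentation requires. The function names and the temp-directory demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the author's script). Function names are hypothetical.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the option file exists with mode 400 or 600,
# the two modes the quoted documentation allows.
mycnf_is_private() {
    [ -f "$1" ] || return 1
    case "$(file_mode "$1")" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Write a [client] section to file $1 with password $2. The umask makes a
# new file private at creation; chmod tightens a file that already existed.
write_mycnf() {
    ( umask 077 && printf '[client]\npassword=%s\n' "$2" > "$1" ) &&
        chmod 600 "$1"
}

# Run mysqldump only when ~/.my.cnf is private. No -p, no password argument:
# mysqldump reads the [client] section itself.
safe_dump() {
    if ! mycnf_is_private "$HOME/.my.cnf"; then
        echo "refusing to run: $HOME/.my.cnf must be mode 400 or 600" >&2
        return 1
    fi
    mysqldump "$@"
}

# Demo on a constructed file in a temp directory, not a real ~/.my.cnf.
demo_dir=$(mktemp -d)
write_mycnf "$demo_dir/.my.cnf" 'constructed-example-password'
mycnf_is_private "$demo_dir/.my.cnf" && echo "600: accepted"
chmod 644 "$demo_dir/.my.cnf"
mycnf_is_private "$demo_dir/.my.cnf" || echo "644: rejected"
rm -rf "$demo_dir"
```

Calling safe_dump from a cron job makes a loosened file mode fail loudly instead of silently leaving the password readable.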