Keeping mysql passwords secure


Regular readers will remember my article about installing and configuring mysql. In that article you’ll see how I did a database backup. I’ve found a way to improve that script.

~/.my.cnf

The script I use for backing up my database is available from:

samples/database_dump2.sh.txt

In that script, I include the password in the call to mysqldump. That’s not the best thing to do. So I found a way around it by reading the documentation. At http://www.mysql.com/php/manual.php3?section=Password_security I found the following:

Store your password in a configuration file. For example, you can list your
password in the [client] section of the `.my.cnf' file in your home directory:

[client]
password=your_pass

If you store your password in `.my.cnf', the file should not be group or world
readable or writable. Make sure the file's access mode is 400 or 600. See section 4.15.4 Option files.

So that’s exactly what I did. Now you can use this to connect to your database without having to specify the password on the command line. This is ideal for scripts. The updated script is at samples/database_dump2.sh.txt

NOTE: the file name ends in .cnf and not .conf like many configuration files.

If you use this feature, do not use the -p option on mysql.
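
A pre-flight check a backup script could run before relying on ~/.my.cnf, as an added example that is not the script from this article: it refuses to continue unless the file has mode 400 or 600 and sets a password in its [client] section. The function names and the dump_database wrapper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the article's script): check ~/.my.cnf before a dump.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the [client] section of the file sets a password.
has_client_password() {
    awk '
        /^[ \t]*\[/ { in_client = ($0 ~ /^[ \t]*\[client\][ \t]*$/); next }
        in_client && /^[ \t]*password[ \t]*=/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Return 0 if the option file is safe to rely on.
# 1 = file missing, 2 = wrong access mode, 3 = no [client] password.
check_mycnf() {
    cnf=${1:-"$HOME/.my.cnf"}
    if [ ! -f "$cnf" ]; then
        echo "missing: $cnf" >&2
        return 1
    fi
    mode=$(file_mode "$cnf")
    case "$mode" in
        400|600) ;;
        *)  echo "refusing: $cnf has mode $mode, expected 400 or 600" >&2
            return 2 ;;
    esac
    if ! has_client_password "$cnf"; then
        echo "no password in the [client] section of $cnf" >&2
        return 3
    fi
    return 0
}

# Hypothetical wrapper: dump one database to a file.
# No -p and no password argument; mysqldump reads it from ~/.my.cnf.
dump_database() {
    check_mycnf || return $?
    mysqldump "$1" > "$2"
}
```

Call it as dump_database DATABASE OUTPUT_FILE; a non-zero exit status from the check means the dump was never attempted.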
