通过cron启动Mysqldump和密码安全性 [英] Mysqldump launched by cron and password security

问题描述

我写了一个脚本来备份我的MySQL数据库，方法是:

I wrote a script to backup my MySQL databases using:

mysqldump --opt --all-databases -u user -pmypassword > myDump.sql

cron每天晚上启动它，并将结果scp到另一台服务器. mypassword在我的脚本中清晰显示，每个人都可以以适当的权限查看它.我也被告知有关/proc问题(可以在哪里查看cmd的运行情况).

A cron launches it every night and scp the result to another server. mypassword appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).

MySQL文档说:

在命令行上指定密码应该被认为是不安全的.请参见第7.6节确保密码安全".

Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".

我在任何地方都找不到这个神奇的7.6节.

I have not found this magic 7.6 sections anywhere.

处理自动mysqldump和密码安全性的最佳做法是什么?

What is the good practice to deal with automatic mysqldump and password security?

推荐答案

引用MySQL文档(

Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):

将密码存储在选项文件中.例如，在Unix上，您可以在主目录中.my.cnf文件的[client]部分中列出密码:

Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:

[client]
password=your_pass

为了确保密码安全，除了您自己之外，其他任何人都不能访问该文件.为此，请将文件访问模式设置为400或600.例如:

To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:

shell> chmod 600 .my.cnf

要从命令行命名包含密码的特定选项文件，请使用--defaults-file=file_name选项，其中file_name是文件的完整路径名.

To name from the command line a specific option file containing the password, use the --defaults-file=file_name option, where file_name is the full path name to the file.

这篇关于通过cron启动Mysqldump和密码安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！