通过cron启动Mysqldump和密码安全性 [英] Mysqldump launched by cron and password security
问题描述
我写了一个脚本来备份我的MySQL数据库,方法是:
I wrote a script to backup my MySQL databases using:
mysqldump --opt --all-databases -u user -pmypassword > myDump.sql
cron每天晚上启动它,并将结果scp到另一台服务器.
mypassword
在我的脚本中清晰显示,每个人都可以以适当的权限查看它.我也被告知有关/proc问题(可以在哪里查看cmd的运行情况).
A cron launches it every night and scp the result to another server.
mypassword
appears in clear in my script, everyone can see it with the appropriate rights. I have been told about /proc issues too (where the cmd run can be seen).
MySQL文档说:
在命令行上指定密码应该被认为是不安全的.请参见第7.6节确保密码安全".
Specifying a password on the command line should be considered insecure. See Section 7.6, "Keeping Your Password Secure".
我在任何地方都找不到这个神奇的7.6节.
I have not found this magic 7.6 sections anywhere.
处理自动mysqldump和密码安全性的最佳做法是什么?
What is the good practice to deal with automatic mysqldump and password security?
推荐答案
Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):
将密码存储在选项文件中.例如,在Unix上,您可以在主目录中.my.cnf文件的[client]部分中列出密码:
Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:
[client]
password=your_pass
为了确保密码安全,除了您自己之外,其他任何人都不能访问该文件.为此,请将文件访问模式设置为400或600.例如:
To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:
shell> chmod 600 .my.cnf
要从命令行命名包含密码的特定选项文件,请使用--defaults-file=file_name
选项,其中file_name
是文件的完整路径名.
To name from the command line a specific option file containing the password, use the --defaults-file=file_name
option, where file_name
is the full path name to the file.
这篇关于通过cron启动Mysqldump和密码安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!