使用脚本进行MySQL身份验证,无需提供纯文本密码 [英] MySQL authentication using script without supplying password in plain text
问题描述
我已经使用bash
编写了CGI
脚本,该脚本执行了MySQL
查询.由于我的目的是使任务自动化,因此我只能将MySQL credentials
放在脚本中,而密码必须为纯文本格式.对我来说,问题在于将执行脚本的服务器是具有外部访问权限的生产服务器.我正在寻找一种解决方案,该解决方案可以保留自动化功能,但不提供纯文本格式的密码.
I have written a CGI
script using bash
which executes a MySQL
query . Since my purpose is to automate a task , I had to put MySQL credentials
in the script only with the password being in plain text . The issue for me is the server in question which will execute the script is a production server with outside access . I am looking for a solution where the automation remains but without supplying the password in plain text .
PS:对我来说,一种解决方案是通过删除对其他用户(具有rwx的root用户和所有权已更改为root的用户)的所有权限来实施严格的权限.但是,由于这是CGI脚本,因此我无法删除其他用户的读取和执行权限.
PS: One solution for me is to enforce strict permissions by removing all permission for others,groups with rwx for root and ownership changed to root. But since this is a CGI script, I cannot remove read and execute permission for others.
代码如下
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "<html>"
echo "<body>"
mysql -h $host -u root -ptest -e "select User,marks,percent from $db;" | sed 's/\t/,/g' > /tmp/out.csv `
gnuplot gnudg.sh
echo "<img src="http://172.16.0.19/report/histreport.png" alt="DG-Reports">"
echo "</body>"
echo "</html>" `
脚本权限:
ls -l /var/www/cgi-bin/ssdg/ssdgplot.sh
-rwxr-xr-x 1根1589年4月22日12:41/var/www/cgi-bin/ssdg/ssdgplot.sh
-rwxr-xr-x 1 root root 1589 Apr 22 12:41 /var/www/cgi-bin/ssdg/ssdgplot.sh
推荐答案
对于mysql,您可以使用从参考2 您可以设置诸如用户名和密码之类的值
For mysql you can use option file read from reference1, reference2 You can set values like username and password
[db-details]
user=username
password=password
并读取此文件以使用脚本登录到db. 并避免除root以外的其他任何人阅读它,只是权限为
and read this file for logging in to db in script. and to avoid anyone else read it except root, just the permissions as
chmod 600 option_file
这篇关于使用脚本进行MySQL身份验证,无需提供纯文本密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!