使用脚本进行MySQL身份验证，无需提供纯文本密码 [英] MySQL authentication using script without supplying password in plain text

问题描述

我已经使用bash编写了CGI脚本，该脚本执行了MySQL查询.由于我的目的是使任务自动化，因此我只能将MySQL credentials放在脚本中，而密码必须为纯文本格式.对我来说，问题在于将执行脚本的服务器是具有外部访问权限的生产服务器.我正在寻找一种解决方案，该解决方案可以保留自动化功能，但不提供纯文本格式的密码.

I have written a CGI script using bash which executes a MySQL query . Since my purpose is to automate a task , I had to put MySQL credentials in the script only with the password being in plain text . The issue for me is the server in question which will execute the script is a production server with outside access . I am looking for a solution where the automation remains but without supplying the password in plain text .

PS:对我来说，一种解决方案是通过删除对其他用户(具有rwx的root用户和所有权已更改为root的用户)的所有权限来实施严格的权限.但是，由于这是CGI脚本，因此我无法删除其他用户的读取和执行权限.

PS: One solution for me is to enforce strict permissions by removing all permission for others,groups with rwx for root and ownership changed to root. But since this is a CGI script, I cannot remove read and execute permission for others.

代码如下

#!/bin/bash

echo "Content-type: text/html"
echo ""

echo "<html>"
echo "<body>"

mysql -h $host -u root -ptest -e "select User,marks,percent from $db;" | sed  's/\t/,/g' > /tmp/out.csv `

gnuplot gnudg.sh

echo "<img src="http://172.16.0.19/report/histreport.png" alt="DG-Reports">"

echo "</body>"
echo "</html>" `

脚本权限:

ls -l /var/www/cgi-bin/ssdg/ssdgplot.sh

-rwxr-xr-x 1根1589年4月22日12:41/var/www/cgi-bin/ssdg/ssdgplot.sh

-rwxr-xr-x 1 root root 1589 Apr 22 12:41 /var/www/cgi-bin/ssdg/ssdgplot.sh

推荐答案

对于mysql，您可以使用从参考2 您可以设置诸如用户名和密码之类的值

For mysql you can use option file read from reference1, reference2 You can set values like username and password

[db-details]
user=username
password=password

并读取此文件以使用脚本登录到db. 并避免除root以外的其他任何人阅读它，只是权限为

and read this file for logging in to db in script. and to avoid anyone else read it except root, just the permissions as

chmod 600 option_file

这篇关于使用脚本进行MySQL身份验证，无需提供纯文本密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！