在无人值守的 bash 脚本中使用 Mysql 时保护密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17827340/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Protect the password when using Mysql in an unattended bash-script
提问by eye
I am writing a bash script (for a cron job) that uses mysql:
我正在编写一个使用 mysql 的 bash 脚本(用于 cron 作业):
mysql -uusername -ppassword -e 'something;'
I am looking for a good way to keep the password handy for use in the script, but in a manner that will also keep this information secure from other users on that system. Users who could use ps -ef and users who might read text files...
我正在寻找一种很好的方法来保存密码以便在脚本中使用,但同时也可以保护该信息不受该系统上其他用户的影响。可以使用 ps -ef 的用户和可以阅读文本文件的用户...
So how can I safeguard passwords that will be used in an automated script on Linux?
那么如何保护将在 Linux 上的自动化脚本中使用的密码呢?
回答by Barmar
Put all the settings in an option file. You can use your default ~/.my.cnffile, or you can specify an alternate file using --defaults-file==filename. See the documentation 4.2.3.4. Command-Line Options that Affect Option-File Handling
将所有设置放在一个选项文件中。您可以使用默认~/.my.cnf文件,也可以使用--defaults-file==filename. 请参阅文档4.2.3.4。影响选项文件处理的命令行选项
The option file contains default settings for mysql commands. You can put the following in it, for example.
选项文件包含 mysql 命令的默认设置。例如,您可以将以下内容放入其中。
[mysql]
user=username
password=password
database=yourdb
Make the option file readable only by you, so other users can't see your password.
使选项文件只能由您读取,因此其他用户无法看到您的密码。
回答by Rodrigo M
This is an updated answer for users of MySQL 5.6.6+
这是 MySQL 5.6.6+ 用户的更新答案
As documented in 4.6.6 mysql_config_editor — MySQL Configuration Utility, there is now a more secure way to store mySQL passwords, that does not store clear text passwords in a local configuration file.
如4.6.6 mysql_config_editor — MySQL 配置实用程序中所述,现在有一种更安全的方式来存储 mySQL 密码,即不在本地配置文件中存储明文密码。
The mysql_config_editor utility (available as of MySQL 5.6.6) enables you to store authentication credentials in an encryptedlogin path file named .mylogin.cnf. The file location is the %APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.
mysql_config_editor 实用程序(从 MySQL 5.6.6 开始可用)使您能够将身份验证凭据存储在名为 .mylogin.cnf的加密登录路径文件中。文件位置在 Windows 上为 %APPDATA%\MySQL 目录,在非 Windows 系统上为当前用户的主目录。MySQL 客户端程序稍后可以读取该文件以获取用于连接到 MySQL 服务器的身份验证凭据。
This file can be created by running the following command:
可以通过运行以下命令来创建此文件:
mysql_config_editor set --login-path=client --host=localhost --user=root --password
You can print the existing settings with the following command:
您可以使用以下命令打印现有设置:
mysql_config_editor print --login-path=client
This will output the current settings:
这将输出当前设置:
[client]
user = root
password = *****
host = localhost
Notice the password is encrypted by default.
请注意,默认情况下密码是加密的。
回答by Gryphius
create a file ~/.my.cnfin the home directory of the user running the cron job. make sure is not readable by other users ( chmod 600 ~/.my.cnf)
~/.my.cnf在运行 cron 作业的用户的主目录中创建一个文件。确保其他用户无法读取 ( chmod 600 ~/.my.cnf)
[client]
user=username
password=something
