• Developer Zone
• Lists Home
• FAQ

You *COULD* include the information in the my.cnf file under the  
[client] area, something like this:

[client]
user=bruce
password=brucesPassword

That would tell the client to use that unless something else is  
disabled.

Of course that needs to be saved in plain text in a plain text file  
somewhere where people could get to it, so it may not be much of an  
improvement...

However there are several areas that my.cnf can be stored, so there  
may be some opportunities here... Given that one of the places a  
valid my.cnf file can exist is the users home directory (where it  
would be called something like ~.my.cnf and is somewhat harder to see  
because of the leading dot) you could setup a user specifically for  
handling such tasks in your server's account management system.  
Probably avoid making such a user on a network user management system  
such as LDAP or NIS or anything, but you can build a local account  
for this user.  Assign this user a home directory, and set  
permissions restrictions on the home directory and the .my.cnf file  
so other users can't access it. Then you could su to this user and  
create a crontab to execute your scripts... because you will be this  
user your mysql command line client would read your .my.cnf file and  
use that username and password unless told otherwise by the command  
line calling mysql.

That said I stress again... it is still a plain text file and the  
password is saved in readable text... if you forget to set enough  
permissions to prevent other users from accessing the file or  
something you can run into trouble. I wouldn't consider it "secure",  
but it's better than including the password in the scripts all over  
the place. You other users would need to get into this new phantom  
users home directory, find the file and read it... because the file  
is called .my.cnf it won't show on "ls" unless someone does an ls -a  
and then only if they have permissions to access that directory -  
given you will probably give the home directory in question  
drwx------ permissions only someone logged in as that user (or root)  
should be able to access the directory and see whats in it, and the  
file will need otbe readable by the user, so it needs at least - 
r-------- permission, probably not much more than that.

Best Regards, Bruce

On Jul 28, 2005, at 7:09 PM, Jeff Richards wrote:

> Hi,
>
> Is there a secure way of running mysql commands against the db from  
> the
> command line, or in some kind of secure batch mode, without making the
> password totally visible? We need to procedurize things like "flush
> tables with read lock", "unlock tables" etc. Is making the password
> visible on the command line the only way?
>
> Thanks,
>
> Jeff
>
> -- 
> Jeff Richards
> Consulting Architect
> Openwave Systems Asia Pacific
> +61 415 638757
>
>
> -- 
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/mysql? 
> unsub=bruce@stripped
>
>