I need to back up the MySQL databases on my web space, and of course these databases are password protected.
How to supply the password to the MySQL utilities?
To make things short: from a professional point of view: old releases of MySQL (i.e. < 5.6.???) and all releases of MariaDB do not provide you with any seriously secure login methods at all.
- get prompted interactively – that’s tedious resp. hard / impossible to automate / script
- supplying the password on the command line through –password=PASSWORD – that’s unsafe, because every user on that Unix system can list all running processes together with their command lines
- supplying the password through the environment variable MYSQL_PWD – UNSAFE!!! process environment can get inspected by any user of the Unix system
- supplying the password through ~/.my.cnf – that’s unsafe, because every privileged user can look at this file anyway; mysqldump does not operate properly, if the database gets named in ~/.my.cnf – if you “chmod go-rwx ~/.my.cnf” and you trust your sysadmins, this is what you will choose
- “–login-path=NAME” resp. ~/.mylogin.cnf – only available with MySQL > 5.6.??? – looks nicer, but the file is either unencrypted or it’s still to easy to break its encryption
- –server-public-key-path=file_name – only available with MySQL >= 5.6.??? (“MySQL login without password”, “MySQL login with keys”)
Leave a Reply