MySQL Forums
Forum List  »  Security

Re: Using passwordless option file with mysql client
Posted by: Georgi Kodinov
Date: February 20, 2017 08:51AM

Hi Benny,

You should not be storing passwords in the regular config files to begin with.
Mysql has a special file it uses to store the data for (multiple) login paths. And a tool to handle the data in that file (since it's not clear text): https://dev.mysql.com/doc/refman/5.7/en/mysql-config-editor.html.

I suggest you:
1. remove the login names and passwords from your config files
2. mysql_config_editor to define all the login paths you need
3. use <mysql_command_line_tool> --login-path=<path>

Note also that there's the notion of a "default login path", i.e. what's used if you omit the --login-path option.


Why is this better than what you're trying ?

First of all it saves all of your passwords into a single file in your home directory. And makes sure the permissions for that file are such than nobody but your account can access it. Kind of like ~/.ssh/id_rsa.

Secondly it obfuscates the keys as stored in the file so that even if you index them with some search engine by mistake they will not be human readable.

And finally, knowing the location of the file you could move it to removable storage (usb stick) and only put it in when you need to start a mysql client tool.

HTH

Options: ReplyQuote


Subject
Views
Written By
Posted
Re: Using passwordless option file with mysql client
563
February 20, 2017 08:51AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.