MySQL Forums
Forum List  »  Security

Re: Secure Configuration for MySQL
Posted by: Georgi Kodinov
Date: September 26, 2018 10:49AM

Generally speaking storing clear text passwords in a persistent file is not the best of ideas.I know it's the prevalent practice, but I believe it's just because of (until recently at least) the lack of better options.

Modern MySQL versions do offer some alternatives to this, but they depend on the environment available and the layout.
For a local MySQL server running on the same box as the app server is I'd say you're better off reusing the OS authentication (e.g. using https://dev.mysql.com/doc/refman/8.0/en/socket-pluggable-authentication.html on unix or https://dev.mysql.com/doc/refman/8.0/en/windows-pluggable-authentication.html on windows might make a lot of sense security-wise.

Failing this (either because of a lack of a driver support or OS support) you might consider at least using the right "@host" part for your accounts and limit access through that.

You could also combine this with using things like https://dev.mysql.com/doc/refman/8.0/en/option-file-options.html#option_general_login-path so that you don't have to manage mysql credentials in your scripts or in extra files.

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria

Options: ReplyQuote


Subject
Views
Written By
Posted
637
September 10, 2018 12:31PM
325
September 10, 2018 03:26PM
Re: Secure Configuration for MySQL
321
September 26, 2018 10:49AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.