LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   how to pass MySQL user/pass securely in shell script? (http://www.linuxquestions.org/questions/linux-newbie-8/how-to-pass-mysql-user-pass-securely-in-shell-script-780458/)

digity 01-07-2010 12:17 AM

how to pass MySQL user/pass securely in shell script?
 
I've written a shell script to dump a couple of MySQL databases. Currently the MySQL username and password are hard coded in the scripts as plain text. I know this is not recommended, so how do I securely pass the credentials in a script?

stefansbv 01-07-2010 12:40 AM

From Advanced Bash-Scripting Guide by Mendel Cooper:

#!/bin/bash

stty -echo # Turns off screen echo.

echo -n "Enter password "
read passwd
echo
# echo "password is $passwd"
# echo

stty echo # Restores screen echo.

exit 0

# Do an 'info stty' for more on this useful-but-tricky command.

evo2 01-07-2010 01:10 AM

Just in case the user running the script is the same as the mysql user, I thought I should point out that you can just have mysql read username and password from ~/.my.cnf.

Cheers,

Evo2.

digity 01-07-2010 01:50 AM

@stefansbv: In your example, isn't the password still exposed in the script?

vrmartin2 01-07-2010 05:33 AM

Hiding the Password in Batch Mode
 
It's nice to hide the password during manual entry, but I too would like to know how to hide it encrypted somewhere to the script can run in batch mode. The config file is good: at least it's no longer in the script. But how can we hide it somewhere where the script can find it, decode it on the fly when it needs it, and leave it encrypted?

stefansbv 01-07-2010 05:48 AM

Quote:

@stefansbv: In your example, isn't the password still exposed in the script?
What do you mean by exposed? It's not contained in the script,
but yes, you can do an echo to print it at runtime.


All times are GMT -5. The time now is 03:03 PM.