Security warning in MySQL 5.6
Changes from MySQL 5.6.5:
Security Fix: MySQL client programs now issue a warning if a password is given on the command line that this can be insecure.
So, if you pass a plain-text password as an argument in a script, like below:
shell> mysql --user=${myuser} --password=${mypasswd} --port=${myport} --host=${myhost} ${mydb}
Then you will get this warning:
Warning: Using a password on the command line interface can be insecure.
Solution:
Suggestions from the MySQL bug forum:
A better solution is to use mysql_config_editor, which MySQL officially suggests, to add a so-called "mysqlpath" object that holds the encrypted credentials for the MySQL database.
It is in the bin folder of your MySQL 5.6 installation.
1. To find the "mysql_config_editor" command, you can use:
shell> which mysql_config_editor
In my case, it is in the path:
/usr/local/mysql-advanced-5.6.11-linux-glibc2.5-x86_64/bin/mysql_config_editor
Note: if "which" shows no result, it means you did not set the MySQL 5.6 path in the .profile file. It is better to set it, because otherwise you will easily run into path problems when you need to use the mysql bin commands in crontab or in a shell script.
To set the MySQL 5.6 PATH in the .profile, you just need to add the folder path like below at the end of the file:
PATH="$PATH:/usr/local/mysql-advanced-5.6.11-linux-glibc2.5-x86_64/bin"
2. Add/Create a mysqlpath:
shell> mysql_config_editor set --login-path=remote --host=hostname --user=username --password
Enter password: enter password "password" here
Note: after "--login-path=", give the name of the mysqlpath you want to use.
3. Check mysqlpath:
shell> mysql_config_editor print --all
[remote]
user = username
password = *****
host = hostname
4. Use mysql normally in your script with the "--login-path=remote" option.
shell> mysql --login-path=remote -h hostname -u username -P port database
Note: Options given on this command line override the values you have already set using mysql_config_editor. For example, if "-h hostname" is given here and the host was already set in mysql_config_editor, the one given on the mysql command line overrides it. Only the password is a must in the mysql_config_editor setting.
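To find the scripts that still trigger this warning, the added example below (not part of the original post) scans shell scripts for mysql, mysqldump and mysqladmin commands that pass the password as an argument, and masks the value in its report. The function names and the sample script are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find MySQL client commands in
# scripts that still pass the password as a command-line argument.

# Flags --password=VALUE and -pVALUE after mysql, mysqldump or mysqladmin.
# Not flagged: bare --password / -p (interactive prompt), -P port,
# --login-path=..., and mysql_config_editor itself.
CLI_PW_RE='(^|[^[:alnum:]_.-])(mysql|mysqldump|mysqladmin)[[:space:]](.*[[:space:]])?(--password=[^[:space:]]+|-p[^[:space:]]+)'

# Print "file:line:command" for every hit, skipping comment lines and masking
# the password so the audit report does not leak it.
scan_cli_passwords() {
    grep -nHE -e "$CLI_PW_RE" -- "$@" \
        | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' \
        | sed -E -e 's/(--password=)[^[:space:]]+/\1****/g' \
                 -e 's/([[:space:]]-p)[^[:space:]]+/\1****/g'
}

# Number of offending lines across the given files.
count_cli_passwords() {
    scan_cli_passwords "$@" | wc -l | tr -d ' '
}

# Constructed sample script (hosts, users and passwords are made up).
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# mysql --user=app --password=old_secret appdb
mysql --user=app --password=s3cret --port=3306 --host=db1 appdb
mysqldump -u app -pS3cret -P 3306 appdb > dump.sql
mysql --login-path=remote -P 3306 appdb
mysql -u app -p appdb
mysql_config_editor set --login-path=remote --host=db1 --user=app --password
EOF
}

# Usage: sh scan.sh backup.sh cron_job.sh ...
if [ "$#" -gt 0 ]; then
    scan_cli_passwords "$@"
fi
```

Only the two commands with an inline password in the sample are reported; the --login-path, prompt (-p alone) and mysql_config_editor lines pass.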