
I use MySQL Dump for nightly backups. The time has come to stop the unsafe practice of using a password on the command line. Here is what I have that works:

```php
exec('mysqldump -uuser -ppass '.$database.' > '.$filepath);
```

Now using mysql_config_editor I've set a login path:

```sh
mysql_config_editor set --login-path=name --host=localhost --user=uname --password
```

And the following works when executing manually by mysql direct on the command line:

```sh
mysqldump --login-path=name "$database" > "$filepath"
```

But not via the exec function. The reason is the double -- on the login path option. What makes it hard is that default MySQL has a shorthand option for this, -G, but mysqldump doesn't!!!

Double dash fails because it's widely used for other things on the bash UNIX command prompt. Does anyone know how to get it to work with double --, or a different workaround?

Vlad
  • Why is using a password on the command line unsafe? I would think it's more unsafe not using `escapeshellarg` with exec and variables. And it would only be unsafe if someone gained access to the server, at which point you have other problems. – ArtisticPhoenix May 23 '16 at 05:29
  • It's unsafe because people can read the history very easily, yes once accessed the server but still in large corporate environment etc. The thing is it sends me a very annoying email alert every night complaining that it's unsafe. I prefer to fix it rather than just making it shut up. – Vlad May 23 '16 at 20:25
  • And no, `escapeshellarg` is not needed in my case as there are no special characters to escape, not taking any user input or anything like that. Tried it anyway but it doesn't make a difference - dump is an empty file if executed via PHP. Same command works fine with a proper result if executed manually on command line. – Vlad May 23 '16 at 21:28
  • I use `--user` and `--pass` on CentOS in my backup script with `exec()`, never done a path for the password deal though. As in `mysqldump --host=127.0.0.1 --user=soandso --password=******` – ArtisticPhoenix May 24 '16 at 03:52
  • Did you see this question? http://stackoverflow.com/questions/20751352/suppress-warning-messages-using-mysql-from-within-terminal-but-password-written Sorry I couldn't help more, we have a dedicated server that only I use for our websites, so I don't need to worry about things like this :) – ArtisticPhoenix May 24 '16 at 03:57
  • @ArtisticPhoenix Interesting. Because I can't run `--user` or `--password` commands on my set up at all, no double dashes. Using Ubuntu. Possibly it's to do with the way PHP FPM executes command line - I am using it since it's the Nginx set up. – Vlad May 24 '16 at 20:44
  • We have CentOS, could be only on Ubuntu then. – ArtisticPhoenix May 25 '16 at 05:36
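
Added example (not part of the original post or its comments): running the dump from PHP with `proc_open` in array form, so no shell parses the `--login-path` option, and returning mysqldump's exit code and stderr so an empty dump file is explained rather than silent. The mysqldump path, the login-file location, the name check and the sample names in the usage lines are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Dump one database through a mysql_config_editor login path.
 * Returns [exitCode, stderrText]; exit code 0 means mysqldump succeeded.
 */
function dumpDatabase(string $loginPath, string $database, string $filepath, string $loginFile): array
{
    // Assumed naming rule: refuse anything that could be read as an option.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $database)) {
        return [-1, 'invalid database name'];
    }

    // Array form (PHP 7.4+) executes the program directly, without /bin/sh,
    // so no quoting or escaping of the arguments is involved.
    $cmd = [
        '/usr/bin/mysqldump',           // assumed install path
        '--login-path=' . $loginPath,   // kept as the first option
        $database,
    ];

    $descriptors = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', $filepath, 'w'],  // dump is written straight to the file
        2 => ['pipe', 'w'],             // error text is captured, not discarded
    ];

    // MySQL clients read the login file named by MYSQL_TEST_LOGIN_FILE, or
    // $HOME/.mylogin.cnf when it is unset. The PHP-FPM user's environment may
    // differ from the shell in which the login path was created, so the file
    // is named explicitly (assumed readable only by the PHP process user).
    $env = ['MYSQL_TEST_LOGIN_FILE' => $loginFile];

    $proc = proc_open($cmd, $descriptors, $pipes, null, $env);
    if (!is_resource($proc)) {
        return [-1, 'proc_open failed'];
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $exit = proc_close($proc);

    return [$exit, trim((string) $stderr)];
}

// Constructed sample values; replace with the real login path, database and paths.
[$exit, $err] = dumpDatabase('name', 'mydb', '/var/backups/mydb.sql', '/var/www/.mylogin.cnf');
if ($exit !== 0) {
    error_log("mysqldump failed (exit $exit): $err");
}
```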

0 Answers