I want to schedule a cron job that either uses mysqldump directly, or calls a script that does the mysqldump. My question is since mysqldump requires a password to be supplied, is it secure to do mysqldump directly as a cron job? If not, while using a script, what's the most secure way of protecting the password?
Asked
Active
Viewed 1,515 times
2 Answers
1
I think you should:
- Create file which will store you login/password and set minimal permissions on it.
- Create bash script/php/perl script which will run mysqldump command and read settings from this file.
- Set this script to cron.
But if you run cron under root so you can specify user/password directly in cron because onlyrestricted number of users can look through this file.
Andrej
- 7,474
- 1
- 19
- 21
-
2This is still terribly insecure. Even if only root can read that file, *anyone* can run `ps ax | grep mysql` and see the password that was specified on the command line. The proper way to do this is by using config files; see the duplicate question linked above. – cdhowie Aug 25 '11 at 03:08
-
You can set privileges on processes. Look at this article about Solaris http://blogs.oracle.com/gbrunett/entry/forcing_users_to_see_only – Andrej Aug 25 '11 at 06:15
-
Sure, you can do that, but that's somewhat OS-specific. Further, the config file approach is usable under circumstances where you don't have root access and can't reconfigure such things. – cdhowie Aug 25 '11 at 17:55
0
you can write password into script file and set it's permission root user only. than define it in crontab.
no one can see it unless logged in as root user. if someone else can login as root user mysql password wont be your primary problem anyway..
also you can use a specific user instead of root with only necessary permissions..
dvdmn
- 6,456
- 7
- 44
- 52