[Gllug] mysql passwords

[Alistair Mann]

Thus spaketh Craig Millar on Monday 08 November 2004 10:47:
> anyone have any suggestions for how to obfuscate a mysql password. have a
> mysqldump that i would like to cron, but don't particularly like the idea
> of placing a password in the crontab or a script. suppose there are also
> conf files to place them in - same problem though. suppose if someone has
> read access to a read protected file it would make no difference how you
> tried to protect your data. tia, craig

Cron files are on my machine readable only by root, never mind the original 
user. In order to see your password someone would therefore need root access, 
or access to your user (to use crontab -l). In either case, you would have 
much bigger problems to deal with than a compromised mysqldump facility. If 
your machine is secure, I wouldn't worry about leaving a password in a 
crontab.

What I would do, however, is have mysqldump use a seperate mysql user who only 
has select_priv rights for the databases it needs to backup. That way, if the 
password does get out, other users would not be able to do anymore than read 
what the database contains -- they wouldn't be able to change or delete any 
entries. 
-- 
Alistair
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug