[英]Store MySQL password in bash-script
Need to create simple mysql-backup script. 需要创建简单的mysql-backup脚本。
But - how can I store encrypted pass of MySQL user in it? 但是 - 如何在其中存储MySQL用户的加密传递?
I want to avoid store password in plaintext type in any additional files. 我想避免在任何其他文件中以明文类型存储密码。
As I found in MySQL manual: 正如我在MySQL手册中找到的:
MySQL encrypts passwords stored in the user table using its own algorithm
MySQL使用自己的算法加密存储在用户表中的密码
So. 所以。 there is no way to just get
hash
and set it as variable? 有没有办法只获取
hash
并将其设置为变量?
I mean: 我的意思是:
DBHASH="cGFzc3dvcmQ="
DBPASS=`echo $DBHASH | openssl enc -base64 -d`
Is there any correct way to sovle it? 有没有正确的方法来解决它? Thanks for tips.
谢谢你的提示。
It doesn't matter if the script contains a plaintext password or not if it includes a repeatable routine for getting into MySQL (ie automatically decrypting) - an attacker would just do the same. 如果脚本包含一个明文密码,如果它包含一个可重复的进入MySQL的例程(即自动解密)并不重要 - 攻击者也会这样做。 If you could pass the hash/decrypted password and have MySQL compare it would be just as repeatable (and the hash would function as a password anyway).
如果您可以传递散列/解密密码并进行MySQL比较,那么它就是可重复的(无论如何散列都将起到密码的作用)。
So, the easy answer is: You can't do this. 所以,简单的答案是:你不能这样做。 You have some options...
你有一些选择......
Remember a "backup account" does not need write privileges etc... 请记住,“备份帐户”不需要写权限等...
afaict, there's no way to do what you're looking for. afaict,没有办法做你想要的。 Whether you store the hash or the original password, you will anyway store very sensible information that might be evil used if someone gets read access to your script.
无论您是存储哈希值还是原始密码,无论如何都会存储非常合理的信息,如果有人获得对您脚本的读取权限,则可能会使用这些信息。
What you may prefer, is instead setup up an user account that can't login, and setup up mysql so that user has the exact permissions for your script. 您可能更喜欢的是设置一个无法登录的用户帐户,并设置mysql以便用户拥有您的脚本的确切权限。 And also make it so that this user is the only one having exec access to the script.
并且还使得该用户是唯一具有exec访问权限的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.