MySQLdump via crontab - Pass --password=/hashed/password/file so I can use via crontab w/o using plain text password

Solution 1

You have the following password options:

  • provide the password on the command line through the -p option
  • provide the password via the MYSQL_PWD environment variable
  • put your configuration in the ~/.my.cnf file under the [mysqldump] section

In all cases your client needs a plain text password to be able to authenticate. You mentioned hashes, but the trait of a hash is that it's a one way conversion function (i.e. you won't be able to restore the original password from a hash), therefore it's unusable as the authentication token.

Since you are backing up the Wordpress database from, allegedly, the same account that hosts your Wordpress, there is no security improvement in trying to hide the password from the user that runs Wordpress (the database credentials can be easily extracted from the wp-config.php file anyway).

So, I'd suggest defining the following ~/.my.cnf:

[mysqldump]
host = your_MySQL_server_name_or_IP
port = 3306
user = database_user_name
password = database_password

Then ensure that the file has the 0600 permissions. This way mysqldump does not need any database credential specified on its command line (they will be read from the ~/.my.cnf file).

Solution 2

This creates a file (it could be any file anywhere in the OS) that passes the password and username from the file. Even if it were "hashed" it would not make a difference if somebody got a hold of the file, they could just use it as is. If it works for me, it would work for them.

So to answer the security part of my question, chmod 0600 & sudo chown $USER:nogroup will prevent unauthorized access to file once created.

mkdir -p ~/wp_backups/sqldumps && touch ~/wp_backups/.sqlpwd && chmod 600 ~/wp_backups/.sqlpwd && sudo chown "$USER":nogroup ~/wp_backups/.sqlpwd && nano ~/wp_backups/.sqlpwd

--.sqlpwd contents

[mysqldump]             # NEEDED FOR DUMP
user=username
password=password

[mysql]             # NEEDED FOR RESTORE
user=username
password=password

--SQL CLI Syntax

mysqldump --defaults-extra-file=~/wp_backups/.sqlpwd [database] > ~/wp_backups/sqldumps/"$(date '+%F').sql"
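
As an added example (not part of the answers above): a small wrapper for the cron job that refuses to call mysqldump unless the option file is a regular file owned by the caller with mode 0600 or 0400, and writes the dump owner-only. The function names and the CRED_FILE/DUMP_DIR variables are assumptions; the default paths follow Solution 2.

```shell
#!/bin/sh
# Added example: cron-safe wrapper around the mysqldump call shown above.
# CRED_FILE and DUMP_DIR are assumed names; defaults follow Solution 2.
CRED_FILE="${CRED_FILE:-$HOME/wp_backups/.sqlpwd}"
DUMP_DIR="${DUMP_DIR:-$HOME/wp_backups/sqldumps}"

# Succeeds only if $1 is a regular file (not a symlink) owned by the
# calling user with mode 0600 or 0400, i.e. no group/other access.
cred_file_is_private() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            \( -perm 600 -o -perm 400 \) 2>/dev/null)" ]
}

# Dump database $1 to a dated file; refuses to run with a loose option file.
backup_db() {
    db="$1"
    if ! cred_file_is_private "$CRED_FILE"; then
        echo "refusing to run: $CRED_FILE must be mode 0600 and owned by you" >&2
        return 1
    fi
    umask 077                      # the dump holds user data: owner-only
    mkdir -p "$DUMP_DIR" || return 1
    out="$DUMP_DIR/$(date '+%F').sql"
    # --defaults-extra-file has to be the first option on the command line.
    if mysqldump --defaults-extra-file="$CRED_FILE" "$db" > "$out.tmp"; then
        mv "$out.tmp" "$out"       # only keep complete dumps
    else
        rm -f "$out.tmp"
        return 1
    fi
}

# Run only when a database name is passed, e.g. from the crontab entry.
if [ "$#" -gt 0 ]; then
    backup_db "$1"
fi
```

Calling this script from crontab, rather than pasting the mysqldump line into the crontab itself, also avoids having to escape the % in date '+%F', which cron otherwise treats as a newline.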

Solution 3

You can have a look at mysqldump-secure, which acts as a wrapper script around mysqldump and will take care of password security (via a defaults-extra-file) and also offers to encrypt your mysql databases via asymmetric encryption.

Author by

Undefined Behavior

Updated on September 18, 2022

Comments

  • Undefined Behavior
    Undefined Behavior almost 2 years

    Just a simple example: http://jsfiddle.net/tZXTv/

    If I change the width of the screen to small, the menu became collapsed. This part <nav class="collapse navbar-collapse"></nav> receive this class in, but after resize again to large screen, this class in isn't removed, just if refresh the page.

    Why important? If I want to style the collapsed menu I need some class of reference. I opened an issue in bootstrap github page.

    https://github.com/twbs/bootstrap/issues/13245

    Someone know how to deal with a problem like this?

    • FreeSoftwareServers
      FreeSoftwareServers almost 9 years
      I'm closer! --defaults-extra-file=~/wp_backups/sqldumps/.sqlpwd seems to work, but as of now, I have PWD in plain text, but I will secure file with CHMOD CHOWN, but could I put in hashed PWD?
  • FreeSoftwareServers
    FreeSoftwareServers almost 9 years
    yea I kinda figured, if the permissions aren't 0600 then even if it was "hashed" somebody could just use the hashed password in their own ~/.my.cnf, but I prefer --defaults-extra-file= as it can use ~/.my.cnf or any file anywhere inside OS. Less likely somebody will "find -name .my.cnf"
  • FreeSoftwareServers
    FreeSoftwareServers almost 9 years
    while I haven't tested your way, in my file, there are no spaces between user=username or any of the parameters.
  • galaxy
    galaxy almost 9 years
    I believe you can use spaces there and if any of the parameters need to start or end with a space you need to enclose the whole string in double quotes.
  • galaxy
    galaxy almost 9 years
    Also, re: your comment on using a non-standard file -- won't help too much since wp-config.php of your Wordpress will reveal this information anyway.
  • galaxy
    galaxy almost 9 years
    This does not improve security a single bit, unfortunately. Moreover, instead of two sections you could have used just one called [client].
  • FreeSoftwareServers
    FreeSoftwareServers almost 9 years
    This is the ONLY option really that suits my needs, and the point is the CHMOD CHOWN is the security. And I know of client, but didn't try it, wasn't sure what it was for, thanks!
  • FreeSoftwareServers
    FreeSoftwareServers almost 9 years
    I see what you are saying, the credentials are already in plain text on the server lol, O well, guess the best you can do is CHOWN CHMOD the 2 files.