mysql and mysqldump --defaults-file without a password

MySQL has an amazing option called --defaults-file. It can be used to store credentials in a configuration file, as shown in the example below:


[client]
user=dbUser
password=dbPassword

Make sure you do not store such configuration files anywhere inside public_html, where they are accessible via HTTP or HTTPS on your website. That is a real security breach. Do not do it. Consider setting the permissions of the file you pass to --defaults-file (../some_secure_path_outside_www/.db1.my.cnf) as low as 600, so that only its owner can read and write it. Nobody else should have access to it. Store such files outside of any virtual host htdocs, www or public_html folders.

With such configuration files you can skip typing the user name and password when using the mysql and mysqldump commands.
Example commands are:
1. To make a db backup you can run a command like:

# mysqldump --defaults-file=../some_secure_path_outside_www/.db1.my.cnf db1 > db1.sql

2. To restore a db from an SQL dump file you can execute the command below:

# mysql --defaults-file=../some_secure_path_outside_www/.db1.my.cnf db1 < db1.sql

You can also use my PHP CLI scripts to generate such .cnf configuration files automatically from popular CMSs and frameworks: https://github.com/podlom/get_mysql_db_php_from_cms

Example usage of the command is below:

# php get_create_my_cnf.php /home/taras/public_html >../some_secure_path_outside_www/.db1.my.cnf
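
The permission and location advice above can be checked in a backup script before the option file is used. The following is an added example, not part of the original post or of the get_mysql_db_php_from_cms project; the function names are hypothetical, and the web-root folder names are the ones named in this post.

```shell
#!/bin/sh
# Added example: audit a MySQL option file before passing it to --defaults-file.
# Function names are hypothetical; folder names are the ones from the post.

# Print the octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Return 0 only if the path is a regular file (not a symlink), is not
# under a web-served folder, and has mode 600 or 400.
# Return codes: 1 = not a usable file, 2 = inside a web root, 3 = mode too open.
check_defaults_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    # Resolve symlinks and ../ in the directory part before matching.
    dir=$(cd "$(dirname "$f")" && pwd -P) || return 1
    case "$dir/" in
        */public_html/*|*/htdocs/*|*/www/*)
            echo "inside a web root: $dir" >&2; return 2 ;;
    esac
    mode=$(file_mode "$f") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode is too open, expected 600: $f" >&2; return 3 ;;
    esac
    return 0
}

# Write the option file from stdin with mode 600 from the start.
# umask 077 in a subshell means a newly created file is never group- or
# world-readable; chmod covers the case where the file already existed.
write_defaults_file() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}
```

In a backup script, call `check_defaults_file ../some_secure_path_outside_www/.db1.my.cnf` and stop if it returns non-zero; the generator's output can be piped into `write_defaults_file` instead of a plain `>` redirect, which would create the file with the default umask.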

Please also look at the documentation for more details: https://dev.mysql.com/doc/refman/5.5/en/option-file-options.html
