(mysql.info) password-security
Info Catalog
(mysql.info) passwords
(mysql.info) user-account-management
(mysql.info) secure-connections
5.9.6 Keeping Your Password Secure
----------------------------------
On an administrative level, you should never grant access to the `user'
grant table to any non-administrative account. That table holds the
password hash of every account, so anyone who can read it can attack
those hashes offline.
When you run a client program to connect to the MySQL server, it is
inadvisable to specify your password in a way that exposes it to
discovery by other users. The methods you can use to specify your
password when you run client programs are listed here, along with an
assessment of the risks of each method:
* Use a -pYOUR_PASS or --password=YOUR_PASS option on the command
line. For example:
shell> mysql -u francis -pfrank DB_NAME
This is convenient _but insecure_, because the password becomes
visible to system status programs such as `ps' that other users may
invoke to display command lines. MySQL clients typically overwrite
the command-line password argument with zeros during their
initialization sequence, but there is still a brief interval during
which the value is visible. On some systems (System V Unix and
perhaps others) this strategy is ineffective anyway, and the
password remains visible to `ps'. The command line is also likely to
be recorded in your shell's history file.
* Use the -p or --password option with no password value specified.
In this case, the client program prompts for the password on the
terminal:
shell> mysql -u francis -p DB_NAME
Enter password: ********
The `*' characters indicate where you enter your password. The
password is not echoed as you type it.
Entering the password this way is more secure than specifying it on
the command line because it is not visible to other users. However,
it is suitable only for programs that you run interactively. If you
invoke a client from a script that runs non-interactively, there is
no opportunity to enter the password from the terminal, and on some
systems you may even find that the first line of your script is
read and interpreted (incorrectly) as the password.
* Store your password in an option file. For example, on Unix you
can list your password in the `[client]' section of the `.my.cnf'
file in your home directory:
[client]
password=your_pass
If you store your password in `.my.cnf', the file must not be
readable by anyone but you. To ensure this, set the file access mode
to `400' or `600'. For example:
shell> chmod 600 .my.cnf
See option-files, which discusses option files in more detail.
* Store your password in the `MYSQL_PWD' environment variable. This
method of specifying your MySQL password must be considered
_extremely insecure_ and should not be used. Some versions of `ps'
include an option to display the environment of running processes,
so if you set `MYSQL_PWD', your password is exposed to any other
user who runs `ps'. Even on systems without such a version of `ps',
it is unwise to assume that there are no other ways for users to
examine process environments. See environment-variables.
All in all, the safest methods are to have the client program prompt
for the password or to specify the password in a properly protected
option file.
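The following script is an added example, not part of the MySQL manual: it creates a client option file with owner-only permissions, refuses to use one that other users can read, unsets `MYSQL_PWD' so nothing leaks through the environment, and then runs the client with `--defaults-extra-file' so the password never appears on a command line. The account name, password and file paths are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the MySQL manual): keep the MySQL password in a
# private option file and check that file before using it.  Account name,
# password and paths below are made up for illustration.

set -eu

# Write an option file readable only by its owner.  umask 077 makes the
# file 0600 from the moment it is created, so there is no window in
# which another user could read it before a later chmod.
write_client_option_file() {
    file="$1"; user="$2"; pass="$3"
    ( umask 077; printf '[client]\nuser=%s\npassword=%s\n' "$user" "$pass" > "$file" )
    chmod 600 "$file"
}

# Return 0 if the file grants no permission bits to group or other,
# 1 otherwise.  ls -l is used instead of stat because stat's options
# differ between GNU and BSD systems.
option_file_is_private() {
    file="$1"
    [ -f "$file" ] || return 1
    perms=$(ls -ld "$file" | cut -c5-10)   # the six group/other bits
    case "$perms" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Run the mysql client with the password taken from the option file.
# The option file is checked first, MYSQL_PWD is unset so the password
# cannot be read from the process environment, and the password never
# appears on the command line that ps would show.
run_mysql_with_option_file() {
    file="$1"; shift
    if ! option_file_is_private "$file"; then
        echo "refusing to use $file: it is readable by other users" >&2
        return 1
    fi
    unset MYSQL_PWD
    mysql --defaults-extra-file="$file" "$@"
}

# Demonstration with a throwaway file (constructed for this example).
tmp=$(mktemp)
write_client_option_file "$tmp" francis frank
option_file_is_private "$tmp" && echo "$tmp is private"
chmod 644 "$tmp"
option_file_is_private "$tmp" || echo "$tmp is now readable by others"
rm -f "$tmp"
```

Note that `--defaults-extra-file' must be the first option on the mysql command line, which is why the function places it before the caller's arguments; the demonstration at the end only exercises the file checks, so it runs without a MySQL server installed.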