« Automatic Zone Configuration
Sysadmin Blog #1: My SysAd Blog »

Better Scripts #1

Oops! You just sent the root password for your central MySQL server to a big mailing list. You scramble to change it as fast as possible. Sometimes you may need to include a password or some other important information in cleartext in a script. A database backup script could be a good example. You whip together that script quickly in an afternoon and put the password there. A few weeks later someone asks for a similar script and since you are such a nice guy you decide to post your script. Then you end up here.
Oops! You now sent the root password for the central MySQL server by mistake. It could be worse, you could have sent it to a mailing list.

A good way of avoiding this is to put the password into a separate file that you source into the main script. Create first the main script:

PASSWORD=`cat ./password.txt`

mysqldump -u root -p $PASSWORD mytable >mytable.sql

This script will dump the mysql table mytable into a file called mytable.sql. All you have to do is to put the root password of the MySQL user in a file called password.txt. If your friend requests a copy of this script you can send him it directly and just instruct him to put the password into password.txt. Of course you need to set as restrictive permissions as possible on password.txt.

[?]
Do you need system administration assistance? If you like what you are reading please consider subscribing to the RSS feed. If you have feedback or if you find the article useful please leave a comment below.

This entry was posted on Saturday, May 26th, 2007 at 7:22 am and is filed under Better Scripts, Scripts, UNIX. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Better Scripts #1”

  1. Very good advice but I have a question that I can not find an answer.
    Apart from connections to mysql database how do I verify in Solaris 10 that names and passwords are not embedded in soted scripts, files or procedures?

    I would greatly appreciate your help….

  2. vasiliki, there is no easy or automatic way to verify that your scripts doesn’t contain usernames or passwords. This is something you need to do manually. I hope I understood your question correctly, if not feel free to resubmit.

  3. […] my file /opt/scripts/backup_mysql.cfg and it contains the following information. I always try to keep password information in a separate file so that I won’t publish it by […]

Leave a Reply