(mysql.info.gz) Password security
Info Catalog
(mysql.info.gz) Passwords
(mysql.info.gz) User Account Management
(mysql.info.gz) Secure connections
5.6.6 Keeping Your Password Secure
----------------------------------
On an administrative level, you should never grant access to the
`mysql.user' table to any non-administrative accounts. Passwords in the
`user' table are stored in encrypted form, but in versions of MySQL
earlier than 4.1, knowing the encrypted password for an account makes it
possible to connect to the server using that account.
When you run a client program to connect to the MySQL server, it is
inadvisable to specify your password in a way that exposes it to
discovery by other users. The methods you can use to specify your
password when you run client programs are listed here, along with an
assessment of the risks of each method:
   * Use a `-pYOUR_PASS' or `--password=YOUR_PASS' option on the command
     line. For example:

          shell> mysql -u francis -pfrank DB_NAME

     This is convenient but insecure, because your password becomes
     visible to system status programs such as `ps' that may be invoked
     by other users to display command lines. MySQL clients typically
     overwrite the command-line password argument with zeros during
     their initialization sequence, but there is still a brief interval
     during which the value is visible.
   * Use a `-p' or `--password' option with no password value
     specified. In this case, the client program solicits the password
     from the terminal:

          shell> mysql -u francis -p DB_NAME
          Enter password: ********

     The `*' characters indicate where you enter your password. The
     password is not displayed as you enter it.

     It is more secure to enter your password this way than to specify
     it on the command line because it is not visible to other users.
     However, this method of entering a password is suitable only for
     programs that you run interactively. If you want to invoke a
     client from a script that runs non-interactively, there is no
     opportunity to enter the password from the terminal. On some
     systems, you may even find that the first line of your script is
     read and interpreted (incorrectly) as your password!
   * Store your password in an option file. For example, on Unix you
     can list your password in the `[client]' section of the `.my.cnf'
     file in your home directory:

          [client]
          password=your_pass

     If you store your password in `.my.cnf', the file should not be
     accessible to anyone but yourself. To ensure this, set the file
     access mode to `400' or `600'. For example:

          shell> chmod 600 .my.cnf

     See the `Option files' section, which discusses option files in
     more detail.
   * Store your password in the `MYSQL_PWD' environment variable. This
     method of specifying your MySQL password must be considered
     extremely insecure and should not be used. Some versions of `ps'
     include an option to display the environment of running processes.
     If you set `MYSQL_PWD', your password will be exposed to any other
     user who runs `ps'. Even on systems without such a version of
     `ps', it is unwise to assume that there are no other methods by
     which users can examine process environments. See the
     `Environment variables' section.
All in all, the safest methods are to have the client program prompt
for the password or to specify the password in a properly protected
option file.
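As an added example (not part of the MySQL manual), the following POSIX shell script implements the option-file method recommended above: it creates a `[client]' option file with a restrictive mode from the start, and checks that no group or world permission bits are set before the file is trusted. The file path and the password value are placeholders constructed for this example.

```shell
#!/bin/sh
# Added example, not MySQL's own code. Writes a MySQL client option
# file with mode 600 and verifies that other users cannot read it.
# The file path and password passed to these functions are placeholders.

# write_client_cnf FILE PASSWORD
# Creates FILE holding a [client] section with PASSWORD. The umask is
# set in a subshell so the file is created without group/other bits,
# avoiding a window where a freshly written file is world-readable
# before a later chmod fixes it.
write_client_cnf() {
    cnf_file="$1"
    cnf_pass="$2"
    (
        umask 077
        printf '[client]\npassword=%s\n' "$cnf_pass" > "$cnf_file"
    )
    chmod 600 "$cnf_file"
}

# cnf_is_private FILE
# Returns 0 if FILE has no group or other permission bits set (as with
# mode 400 or 600), 1 otherwise or if FILE does not exist. The mode
# string comes from ls -l, which works on both GNU and BSD userland.
cnf_is_private() {
    cnf_mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)   # e.g. -rw-------
    case "$cnf_mode" in
        ?rw-------|?r--------) return 0 ;;
        *) return 1 ;;
    esac
}
```

A wrapper script can call `cnf_is_private' before invoking the client and refuse to run if the check fails; the client then reads the password from the file (for example via the standard `--defaults-extra-file' option) rather than from the command line or the environment.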