[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

When I run a mysql command in a script, "Warning: Using a password on the command line interface can be insecure" is displayed

2016.08.19

Server construction/operation

My name is Ito and I am an infrastructure engineer.
We use a script to back up our database every night.

The version of MySQL that I often use is 5.5, but I had a chance to use 5.6, and when I installed and executed the script as usual, I got the following log.

Warning: Using a password on the command line interface can be insecure

Click here for information on MySQL version upgrades.

Even though I was using the same script as before, an unfamiliar warning was being output.

It's fine if it just appears, but cron will send you an email. . .

Having passwords visible in the command line interface is not secure.

The meaning of the output Warning message is as follows.
In addition to being output by the script, it is also output when you type the password directly in the command.

The following is an example of logging in using the mysql command with the -p option and a password as an argument.
You can see that it is output on the second line.

# mysql -uroot -ppassword Warning: Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3548981 Server version: 5.6.30-log MySQL Community Server (GPL) Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help ;' or '\h' for help. Type '\c' to clear the current input statement. mysql>

If you use only [-p] and enter the password separately, no output will be generated.
Writing directly is not secure! ! This is a Warning.

Export the password part to the conf file

The workaround to prevent this warning from appearing is to read from an external file.

Create a file to be read externally.

# vim dbaccess.cnf [client] user = hoge password = hogehoge host = 192.168.1.1 Since the password is written in the file, access privileges are minimal # chmod 400 dbaccess.cnf

All you need to do is read this file using the mysql or mysqldump command.

# mysql --defaults-extra-file=dbaccess.cnf Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 72755232 Server version: 5.6.30-log MySQL Community Server (GPL) Copyright (c ) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>

You can connect successfully, so it's OK if you incorporate this into your script.

I have written other articles about MySQL, so them out as well.