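Security measure in MySQL 5.6: passwords cannot be used on the command line
After configuring --login-path, I tried
shell>mysql --login-path
and it stubbornly kept failing with an error saying: unknown option.
It turned out that someone had earlier defined a command alias in .bashrc: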
alias mysql='mysql -h$host -uroot -p$password -A'
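When --login-path is used, that option must be in the first argument position.
To keep the mysql alias and still use --login-path so that scheduled backup jobs are easy to configure,
you can log in like this: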
shell># /usr/local/mysql/bin/mysql --login-path=$name
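An audit for the pattern in the alias above, as an added example that is not part of the original post: the function scans shell text (alias files, crontab entries, scripts) for mysql, mysqldump or mysqladmin invocations that carry an inline -p<value> or --password=<value>. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shell text for MySQL clients given an inline password.
# find_inline_passwords, flagged_line_numbers and sample_lines are
# hypothetical names, not MySQL tools.

# Reads text on stdin; prints "lineno:line" for every line that runs
# mysql, mysqldump or mysqladmin with -p<value> or --password=<value>.
# A bare -p / --password (interactive prompt) and -P<port> are not flagged.
find_inline_passwords() {
    grep -nE '(^|[^[:alnum:]_])(mysql|mysqldump|mysqladmin)([[:space:]]|$)' |
    grep -E "[[:space:]](-p|--password=)['\"]?[^[:space:]'\"]+" || true
}

# Constructed sample: an alias line, a crontab entry and a few commands.
sample_lines() {
    cat <<'EOF'
alias mysql='mysql -h$host -uroot -p$password -A'
0 2 * * * /usr/local/mysql/bin/mysqldump --login-path=backup testdb > /backup/testdb.sql
mysql -uzxy -pzxy --socket=/home/mysql_data/run/mysqld.sock3305
mysql -u root -p -h localhost
mysqldump -hlocalhost -P3306 --user=root --password=root testdb
mysql_config_editor set --login-path=local --user=root --password
EOF
}

# Same scan, reduced to the offending line numbers, space separated.
flagged_line_numbers() {
    find_inline_passwords | cut -d: -f1 | paste -s -d ' ' -
}

# Stand-alone run over the constructed sample.
sample_lines | find_inline_passwords
```

Feed it real input with, for example, `crontab -l | find_inline_passwords` or `find_inline_passwords < ~/.bashrc`.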
============================
http://dev.mysql.com/doc/refman/5.6/en/option-files.html
On Unix, Linux and OS X, MySQL programs read startup options from the following files, in the specified order (top items are used first).
File Name | Purpose |
---|---|
/etc/my.cnf | Global options |
/etc/mysql/my.cnf | Global options |
 | Global options |
$MYSQL_HOME/my.cnf | Server-specific options |
defaults-extra-file | The file specified with --defaults-extra-file= , if any |
~/.my.cnf | User-specific options |
~/.mylogin.cnf | Login path options |

~ represents the current user's home directory (the value of $HOME).
==================================
http://it.i88.ca/2014/10/how-to-fix-mysql-warning-using-password.html
How to fix MySQL Warning: Using a password on the command line interface can be insecure
mysql_config_editor set --login-path=local --host=localhost --user=username --password
Then you can use in your shell script:
mysql --login-path=local
instead of:
mysql -u username -p pass
You need to put --login-path as the first parameter, or else you will get something similar to
"unknown variable 'login-path=local'"
SET
shell> mysql_config_editor set --login-path=local --host=localhost --user=localuser --password
Enter password: enter password "localpass" here
shell> mysql_config_editor set --login-path=remote --host=remote.example.com --user=remoteuser --password
Enter password: enter password "remotepass" here
SHOW
shell> mysql_config_editor print --all
[local]
user = localuser
password = *****
host = localhost
[remote]
user = remoteuser
password = *****
host = remote.example.com
USE
For example, to connect to the local server, use this command:
shell> mysql --login-path=local
To connect to the remote server, use this command:
shell> mysql --login-path=remote
======================================================
MySQL5.6 Using a password on the command line interface can be insecure
http://stackoverflow.com/questions/20751352/suppress-warning-messages-using-mysql-from-within-terminal-but-password-written
If your MySQL client/server version is 5.6.x, a way to avoid the WARNING message is to use the mysql_config_editor tool:
mysql_config_editor set --login-path=local --host=localhost --user=username --password
Then you can use in your shell script:
mysql --login-path=local -e "statement"
instead of:
mysql -u username -p pass -e "statement"
shell> mysql_config_editor set --login-path=local --host=localhost --user=localuser --password
Enter password: enter password "localpass" here
shell> mysql_config_editor set --login-path=remote --host=remote.example.com --user=remoteuser --password
Enter password: enter password "remotepass" here
To see what mysql_config_editor wrote to the .mylogin.cnf file, use the print command:
shell> mysql_config_editor print --all
[local]
user = localuser
password = *****
host = localhost
[remote]
user = remoteuser
password = *****
host = remote.example.com
The print command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path. Password values are masked and do not appear as clear text.
As shown by the preceding examples, the .mylogin.cnf file can contain multiple login paths. In this way, mysql_config_editor makes it easy to set up multiple “personalities” for connecting to different MySQL servers. Any of these can be selected by name later using the --login-path option when you invoke a client program. For example, to connect to the local server, use this command:
shell> mysql --login-path=local
To connect to the remote server, use this command:
shell> mysql --login-path=remote
http://bbs.cqsztech.com/dv_rss.asp?s=xhtml&boardid=3&id=2241&page=4
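Isn't it tedious to type mysql -u root -p -h localhost every time, and then enter the password as well?
MySQL provides a mechanism called login paths.
shell> mysql_config_editor set --login-path=remote --host=remote.example.com --user=remoteuser --password
This creates an encrypted file in the current user's home directory: .mylogin.
The next time you log in, you can simply type mysql, or use mysql --login-path=remote
To see which users currently use login paths: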
shell> mysql_config_editor print --all
[local]
user = localuser
password = *****
host = localhost
[remote]
user = remoteuser
password = *****
host = remote.example.com
Clear the login paths:
shell> mysql_config_editor reset
http://zhuxiaoyuan.net/?p=82
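Before MySQL 5.6.6, a client logging in to MySQL could specify the user name and password in the following ways:
1. Explicitly on the command line, through options;
2. In a configuration file, as plain text;
The obvious drawback of both is that the user name and password are exposed, which is a security risk and easily exploited by malicious parties;
MySQL 5.6 introduced the mysql_config_editor command, which stores login information such as the user name and password in encrypted form in the .mylogin.cnf file (on Linux it is stored in the current user's HOME directory), improving the security of the MySQL system;
The command is as follows:
mysql_config_editor [program_options] command [command_options]
program_options: options for mysql_config_editor itself;
command: indicates the command to execute;
command_options: the options belonging to that command;
command specifies which action to perform on the .mylogin.cnf file: set adds a login path to .mylogin.cnf, remove deletes a login path from .mylogin.cnf, and print displays the login path contents;
Add a new login path:
mysql_config_editor set --login-path=zxylogininfo --user=zxy --password
An interactive prompt asks for the password, and the login information is then stored in encrypted form in the .mylogin.cnf file.
View the login information just stored:
mysql_config_editor print --all
Output:
[zxylogininfo]
user = zxy
password = *****
The client logs in to the MySQL server with --login-path:
mysql --login-path=zxylogininfo --socket=/home/mysql_data/run/mysqld.sock3305
Login output:
~]# mysql --login-path=zxylogininfo --socket=/home/mysql_data/run/mysqld.sock3305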
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1032
Server version: 5.6.19-log MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
The client logs in to the MySQL server with the login information given on the command line:
mysql -uzxy -pzxy --socket=/home/mysql_data/run/mysqld.sock3305
Login output:
~]# mysql -uzxy -pzxy --socket=/home/mysql_data/run/mysqld.sock3305
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1039
Server version: 5.6.19-log MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
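Note:
1. Precedence: options given on the command line take precedence over options in .mylogin.cnf, and options in .mylogin.cnf take precedence over options in other configuration files;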
http://www.cnblogs.com/rockbes/p/3972763.html
Enter password:
[local]
user = root
password = *****
host = localhost
[jjscj]
user = jjscj
password = *****
host = 192.168.1.190
[root@master ~]# mysql_config_editor print --all
[local]
user = root
password = *****
host = localhost
[jjscj]
user = jjscj
password = *****
host = 192.168.1.190
Starting with MySQL 5.6.6, mysql_config_editor lets you store authentication credentials in an encrypted file, .mylogin.cnf
Location of .mylogin.cnf on the system:
Windows: %APPDATA%\MySQL
Linux: $HOME/.mylogin.cnf
1. Generate .mylogin.cnf with mysql_config_editor
$mysql_config_editor set --login-path=3336 -S /mysqlweb/mysql3336/logs/mysql.sock --user=root --password
Enter password:
$mysql_config_editor set --login-path=3326 --host=127.0.0.1 -P3326 --user=root --password
Enter password:
$ls ~/.mylogin.cnf
/home/mysql/.mylogin.cnf
2. View the contents of .mylogin.cnf
$mysql_config_editor print --all
[3336]
user = root
password = *****
socket = /mysqlweb/mysql3336/logs/mysql.sock
[3326]
user = root
password = *****
host = 127.0.0.1
port = 3326
The password in .mylogin.cnf is encrypted.
3. Log in to mysql using the login-path set with mysql_config_editor
$mysql --login-path=3326 -e"show variables like'port'\G"
*************************** 1. row ***************************
Variable_name: port
Value: 3326
$mysql --login-path=3336 -e"show variables like'port'\G"
*************************** 1. row ***************************
Variable_name: port
Value: 3336
Reference:
http://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html
http://blog.csdn.net/seteor/article/details/18084149
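mysql_config_editor is a tool for secure user authentication. It is used as follows:
mysql_config_editor set --login-path=test --user=root --host=localhost --password
Enter password: (enter the password)
Login test:
mysql --login-path=test
Login succeeds.
The encrypted file it generates is stored in the user's home directory: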
[root@localhost ~]# file ~/.mylogin.cnf
.mylogin.cnf: data
Change the user's password and test the login again:
mysql>set password for root@'localhost'=password('abc');
mysql>flush privileges;
Login test:
mysql --login-path=test
Login fails.
Conclusion: after the user's password has been changed, the login-path must be re-created.
http://www.wo81.com/tec/db/mysql/2014-05-12/212.html
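After migrating the website to an Alibaba Cloud server, I noticed an extra message while restoring the database:
The MySQL version is 5.6.19; MySQL 5.6 strengthened security.
When backing up the database with MySQL's export command, this appears:
Warning: Using a password on the command line interface can be insecure;
This is caused by using -ppassword in the export command. The solution is:
1. Store the password in my.cnf, in the following format: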
[mysqldump]
user=root
password=root
2. On the mysqldump command line, use the --defaults-file option to specify the location of my.cnf
mysqldump --defaults-file=".mylogin.cnf" -hlocalhost -P3306 --user=root --routines --default-character-set=utf8 --max_allowed_packet=1G testdb> testdb.sql
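A check for the plaintext my.cnf approach above, as an added example that is not part of the original article: it reports option files that contain a password line and are accessible to anyone other than the owner. The function names are hypothetical, and the paths in the last line are the standard option-file locations listed earlier on this page.

```shell
#!/bin/sh
# Added example: verify that a plaintext option file holding a password
# is accessible to its owner only. check_option_file and
# audit_option_files are hypothetical names, not MySQL tools.

# Returns 0 = no password line, or password present and file is owner-only
#         1 = password present and group/other have some access
#         2 = file missing
check_option_file() {
    f=$1
    [ -f "$f" ] || return 2
    # Plaintext option files store the secret as "password=..." or "password = ...".
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$f" 2>/dev/null || return 0
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || return 1
    return 0
}

# Print one status line per candidate file.
audit_option_files() {
    for candidate in "$@"; do
        rc=0
        check_option_file "$candidate" || rc=$?
        case $rc in
            0) echo "ok      $candidate" ;;
            1) echo "EXPOSED $candidate (password readable beyond owner; chmod 600)" ;;
            2) echo "absent  $candidate" ;;
        esac
    done
}

# Stand-alone run over the usual option-file locations.
audit_option_files /etc/my.cnf /etc/mysql/my.cnf "$HOME/.my.cnf"
```

Add the file passed to --defaults-file in a backup job to the argument list so that it is checked as well.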