Find the answer to your Linux question:
Results 1 to 4 of 4
I have a cron job that uses mysqldump to backup a database. In order to automate this I have to supply the password in the cronjob shell script in clear ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Guru smolloy's Avatar
    Join Date
    Apr 2005
    Location
    CA, but from N.Ireland
    Posts
    2,414

    Automated MySQL backup without clear-text password


    I have a cron job that uses mysqldump to backup a database. In order to automate this I have to supply the password in the cronjob shell script in clear text. This feels like a security risk, and makes me uncomfortable. I've reduced the read permissions on this file to as low as possible, but it still feels dangerous.

    Does anyone know a way for me to back up this database automatically without having to store a password in clear text?
    Registered Linux user #388328 || Registered LFS user #15880
    AMD 64 X2 4600+ :: 2X1GB DDR2 800 :: GeForce 9400 GT 512MB :: ASUS M2N32 Deluxe :: 4X250GB SATAII
    Need instant help? Try us on IRC -- #linuxforums on freenode

  2. #2
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    The answer is simply NO you cant do that.
    Since if the PC needs a password to do something you need to or give it or he has to decode it.
    If you want the pc to be able to decode it quickly its no use since when a Cracker comes by and sees the hash he puts it in a converter and there is his answer.
    You can write a encrypter yourself then. But then still its not save (like getting a already existing one and put Char Lifting and Salt in there).
    You can give him his key as a file that you put on a Floppy Drive. This way you need to get the floppy to see the backup.

    In my eyes you can better do this with something else then MySQL dump.
    Copy the folder were the backup is saved. Compress it and then send it over a network to another PC with a custom written protocol using socat and cryptcat and maybe netcat if you like.
    This is how I sync my PDA over the inet with a main server.

    I hope that helped.

    Cheers,
    Robin
    New Users, please read this..
    Google first, then ask..

  3. #3
    Linux Guru smolloy's Avatar
    Join Date
    Apr 2005
    Location
    CA, but from N.Ireland
    Posts
    2,414
    Thanks RobinVossen.

    I'm running this database on my own home server, and there aren't any other computers in the network that I could backup to.

    I was hoping for a method similar to using public keys over ssh, but perhaps such a method doesn't exist. A more secure method (in terms of security against crackers) would be for me to do the updates manually, but I really think updates should be automatic and not prone to human error.

    Perhaps there's no way to get the security I want?
    Registered Linux user #388328 || Registered LFS user #15880
    AMD 64 X2 4600+ :: 2X1GB DDR2 800 :: GeForce 9400 GT 512MB :: ASUS M2N32 Deluxe :: 4X250GB SATAII
    Need instant help? Try us on IRC -- #linuxforums on freenode

  4. #4
    Linux Engineer RobinVossen's Avatar
    Join Date
    Aug 2007
    Location
    The Netherlands
    Posts
    1,429
    Well, I myself should just make sure that your system is save.
    If you backup to your own system. Whats the point of putting a hard encryption before you can backup. They just grab the backups then

    So, well I think that you just should install a Firewall and maybe a IDS.
    And ofc. Run linux and keep it uptodate.
    New Users, please read this..
    Google first, then ask..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •