Mysqldump launched by cron and password security

Question

I wrote a script to backup my MySQL databases using:

mysqldump --opt --all-databases -u user -pmypassword > myDump.sql

A cron launches i

Answer 1

to add to Sahil's answer above, use --defaults-extra-file

--defaults-extra-file is used to tell a program to read a single specific option file in addition to the standard option files.

whereas --defaults-file is read instead of the default my.cnf file.

Answer 2

Check out Keeping Passwords Secure for a good answer. You can store your password in the my.cnf file changing the permissions on that file to keep the password secure.

You can also check the last comment on this page too:

MYSQL_PWD="tinkerbell" mysqldump -ubackup --all-databases > dump.sql

Answer 3

All answers here are in pieces so sharing a complete command which will do the required and must be used if database are heavy in size, --single-transaction and --lock-tables are very important here

mysqldump --defaults-extra-file=/home/dangi/.my.cnf -u root --single-transaction --quick --lock-tables=false --all-databases (or) DATABASE | gzip > OUTPUT.gz;

Note: Answer is in add of Avibodha and sahil answer, they have already made the point. I am just putting their answer in single piece of code with important measure should be taken at time of backing up live database

Answer 4

The accepted answer stores the password in a plain text file, which could be read by anyone with administrative (root) access. If your database is in a shared hosting environment, this is undesirable.

A better option would be to use mysql_config_editor to create an encrypted login path named mysqldump. According to the MySQL documentation:

mysql_config_editor encrypts the .mylogin.cnf file so it cannot be read as cleartext, and its contents when decrypted by client programs are used only in memory. In this way, passwords can be stored in a file in non-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable.

The following command will create your mysqldump login path:

mysql_config_editor set --login-path=mysqldump --host=your_hostname --user=your_username --password

You will be prompted to enter your password, and the login path you created will be stored in encrypted format. mysqldump will automatically use this login path whenever you call it in the future, unless you specify a different login path with the --login-path command line option.

Here is how you would invoke mysqldump after creating an encrypted login path:

mysqldump database_name > output_file

Answer 5

Quoting the MySQL docs(http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html):

Store your password in an option file. For example, on Unix you can list your password in the [client] section of the .my.cnf file in your home directory:

[client]
password=your_pass

To keep the password safe, the file should not be accessible to anyone but yourself. To ensure this, set the file access mode to 400 or 600. For example:

shell> chmod 600 .my.cnf

To name from the command line a specific option file containing the password, use the --defaults-file=file_name option, where file_name is the full path name to the file.

Answer 6

The following method works for me on a Windows machine, if you have 2 versions of MySQL installed, and you are not sure which my.ini is used when you run mysqldump, this will also help:

1, C:\ProgramData\MySQL\MySQL Server 5.6\my.ini, fine [client], replace it to:

[client]
user=my_user
password=my_password

2, Use this command:

C:\Program Files\MySQL Server 5.6\bin>mysqldump --default-extra-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" -u my_user db_to_export > db_to_export.sql