首页 > 代码库 > MySQL5.6 Using a password on the command line interface can be insecure

MySQL5.6 Using a password on the command line interface can be insecure

最近把MySQL从5.5升到5.6以后,mysqldump居然不好用了,提示:

 代码如下复制代码

[root@qttc ~]# /usr/local/mysql/bin/mysqldump  -uroot -proot db > bak.sql
Warning: Using a password on the command line interface can be insecure.

翻译过来是:在命令行界面上使用密码可以是不安全的。

这让人有点郁闷,5.5用的一直都很爽,到5.6居然说命令行方式写密码不安全?那密码写哪呢?

在官网文档找到了缘由,大家可以点击这里看看:http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html

MySQL users should use the following guidelines to keep passwords secure.

    When you run a client program to connect to the MySQL server, it is inadvisable to specify your password in a way that exposes it to discovery by other users. The methods you can use to specify your password when you run client programs are listed here, along with an assessment of the risks of each method. In short, the safest methods are to have the client program prompt for the password or to specify the password in a properly protected option file.

英文有点烂,但大概读懂意思,翻译过来大意是在命令行下如果要使用密码可以在执行命令后的提示输入里输入密码,或者在指定的安全文件内指定密码。那安全文件时哪个呢?文档对此给出了答案:

Store your password in an option file. For example, on Unix, you can list your password in the [client] section of the .my.cnf file in your home directory:

可以在my.cnf内指定,于是打开我的my.cnf,在[mysqldump]下增加:

 代码如下复制代码

 
user=root
password=root

文中说的在[client]下面加也可以,但那样就所有块的操作都能共享了,所以生产环境上为了安全还是尽量分开。保存退出再dump就ok了。

 代码如下复制代码

[root@qttc ~]# /usr/local/mysql/bin/mysqldump db > bak.sql
[root@qttc ~]#

MySQL5.6 Using a password on the command line interface can be insecure