Preface
 
    Connection security is  one of the most important safety strategies which we should consider.It's not a good manner using plaintext password in my.cnf file when connecting mysql server by client.What can we do more safely?
 
Introduce
 
    MySQL provide a method called "login-path" which permits merely using parameter "--login-path" to login MySQL server since 5.6 version.Notice,login-path depends on program "mysql_config_editor" which belongs to MySQL main program most probably in "/usr/local/mysql/bin" directory.First of all,we need to set a login path name(also a group name) with it,then the ".mylogin.cnf" will be created which contains user,password,host,port,socket and so forth.The password in ".mylogin.conf" file is shown as asterisks(eg. password=*****).Afterward,MySQL client will have a safer authentication credentials in loging MySQL servers.
 
Procedure
 
example
 
usage
 mysql_config_editor [program options] [command [command options]]
Parameter
  -#, --debug[=#]     This is a non-debug version. Catch this and exit.

   -?, --help          Display this help and exit.

   -v, --verbose       Write more information.

   -V, --version       Output version information and exit.

 Variables (--variable-name=value)

 and boolean options {FALSE|TRUE}  Value (after reading options)

 --------------------------------- ----------------------------------------

 verbose                           FALSE

 Where command can be any one of the following :

        set [command options]     Sets user name/password/host name/socket/port

                                  for a given login path (section).

        remove [command options]  Remove a login path from the login file.

        print [command options]   Print all the options for a specified

                                  login path.

        reset [command options]   Deletes the contents of the login file.

        help                      Display this usage/help information.
Create a login path named "3306".
 [root@zlm1 :: ~]

 #mysql_config_editor set --login-path= -h127.0.0. -P3306 -uroot -p

 Enter password: 

 [root@zlm1 :: ~]

 #
Check the contents of login path.
 [root@zlm1 :: ~]

 #mysql_config_editor print --all

 []

 user = root

 password = ***** -- Here is several asterisks instead of plaintest password.

 host = 127.0.0.1

 port =
Check the config file in user home directory.
 [root@zlm1 :: ~]

 #ls -la|grep mylogin.cnf

 -rw-------    root root       Jun  : .mylogin.cnf

 [root@zlm1 :: ~]

 #cat .mylogin.cnf -- All the contents in ".mylogin.cnf" file have been encrypted.

 ᑸ¨ƒˆK›巧-#[q- ¨ÿœ‰·t㼝«ɽ(žϿ欕鋳쾋  q̓‰أ&¸ۑ Sن}uj—–

                                                           ņZP‰ַ©ս¬ʨh±

 [root@zlm1 :: ~]

 #Xshell
Connect Server with client program by login path.
 [root@zlm1 :: ~]

 #mysql --login-path=

 Welcome to the MySQL monitor.  Commands end with ; or \g.

 Your MySQL connection id is

 Server version: 5.7.-log MySQL Community Server (GPL)

 Copyright (c) , , Oracle and/or its affiliates. All rights reserved.

 Oracle is a registered trademark of Oracle Corporation and/or its

 affiliates. Other names may be trademarks of their respective

 owners.

 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 root@127.0.0.1: [(none)]>
Connect Server with client program by login path.

 [root@zlm1 :: ~]

 #mysql --login-path=#

 ERROR  (): Access denied for user 'root'@'localhost' (using password: NO)

 [root@zlm1 :: ~]

 #mysql_config_editor --print all

 mysql_config_editor: [ERROR] unknown option '--print'

 [root@zlm1 :: ~]

 #mysql_config_editor print --all

 []

 user = root

 password = *****

 host = 127.0.0.1

 port =

 [#]

 user = root

 password = *****

 host = 127.0.0.1

 port =
 Remove a login path.

 [root@zlm1 :: ~]

 #mysql_config_editor remove --login-path=#

 [root@zlm1 :: ~]

 #mysql_config_editor print --all

 []

 user = root

 password = *****

 host = 127.0.0.1

 port =
 It's not supported using special character such as "#","¥",“%”,etc.

 [root@zlm1 :: ~]

 #mysql_config_editor set --login-path=# -h127.0.0. -P3306 -uroot -p###

 mysql_config_editor: [ERROR] mysql_config_editor: unknown option '-#'

 [root@zlm1 :: ~]

 #mysql_config_editor set --login-path=# -h127.0.0. -P3306 -uroot -p$$$

 mysql_config_editor: [ERROR] mysql_config_editor: unknown option '-3'

 [root@zlm1 :: ~]

 #mysql_config_editor set --login-path=# -h127.0.0. -P3306 -uroot -p%%%

 mysql_config_editor: [ERROR] mysql_config_editor: unknown option '-%'
 Summay

  • I'm afraid login-path is a safer method in logining MySQL.
  • Notice that characters of password must be confirmed to the MySQL password rules.
  • In the past,we usually put those parameters(host,port,user,password,etc.) in /etc/my.cnf to void repeated words typing,but it's realy not safe.
 

利用login-path对MySQL安全加固的更多相关文章

  1. lamp下mysql安全加固

    lamp下mysql安全加固 1.修改root用户口令,删除空口令 缺省安装的MySQL的root用户是空密码的,为了安全起见,必须修改为强密码,所谓的强密码,至少8位,由字母.数字和符号组成的不规律 ...

  2. 利用mysqltuner工具对mysql数据库进行优化

    mysqltuner工具使用,本工具建议定期运行,发现目前MYSQL数据库存在的问题及修改相关的参数 工具的下载及部署 解决环境依赖,因为工具是perl脚本开发的,需要perl脚本环境 # yun i ...

  3. 利用strace & Perf分析MySQL

    strace介绍及用途 strace是一个用于诊断,分析linux用户态进程的工具 类似的工具pstrace,lsof,gdb,pstrack strace观察mysqld对my.cnf 配置文件的加 ...

  4. 利用Docker快速部署Mysql

    写在前面 我又来更新了~~~,今天内容较少,主要是利用Docker快速部署Mysql和初始化数据 利用Docker下载Mysql 简洁明了,在命令提示符中输入 docker pull mysql:8. ...

  5. MYSQL启用日志,查看日志,利用mysqlbinlog工具恢复MySQL数据库【转载】

    转自 MYSQL启用日志,查看日志,利用mysqlbinlog工具恢复MySQL数据库 - _安静 - 博客园http://www.cnblogs.com/xionghui/archive/2012/ ...

  6. 在CentOS7中利用yum命令安装mysql

    在CentOS7中利用yum命令安装mysql 原创 2016年08月31日 10:42:33 标签: mysql / centos 4832 一.说明 我们是在VMware虚拟机上安装的mysql, ...

  7. 利用日志文件恢复MYSQL数据库

    利用日志文件恢复MYSQL数据库 650) this.width=650;" onclick='window.open("http://blog.51cto.com/viewpic ...

  8. docker数据卷学习-利用数据卷实现mysql的快速恢复和迁移

    docker数据卷学习 一 新建带有数据卷的容器 1.从docker hub下载centos7镜像 # docker pull centos 2. 创建container # docker run - ...

  9. 利用tcpdump抓取mysql sql语句

    这个脚本是我之前在网上无意间找个一个利用tcpdump 抓包工具获取mysql流量,并通过过滤把sql 语句输入. 脚本不是很长,但是效果很好. #!/bin/bash #this script us ...

随机推荐

  1. onload与ready差异

    window.onload: 等所有资源加载完document.ready: DOM树构建完资源还没加载完 应该使用ready保证用户体验.否则当网站有很多图片资源时要很长时间才能加载完这段时间内Js ...

  2. Java中去除字符串中空格的方法

    昨天写了一个关于Excel文件处理的脚本,在字符串匹配功能上总是出现多余不正确的匹配,debug调试之后,发现一个坑. ------->代码中字符串使用了replaceAll()方法,去除了所有 ...

  3. NGUI动态字体的使用

    LZ今年六月刚刚毕业,在学校跟着老师做Android,OpenGL ES方面的项目(说白了就是干苦力╮(╯_╰)╭).年后来SZ了,就业前景好像并没有电视上渲染的那样糟糕,至少IT行业是这样吧,只要你 ...

  4. 安全隐患,你对X-XSS-Protection头部字段理解可能有误

    0×00. 引言 我曾做过一个调查,看看网友们对关于X-XSS-Protection 字段的设置中,哪一个设置是最差的,调查结果令我非常吃惊,故有此文. 网友们认为 最差的配置是X-XSS-Prote ...

  5. Extjs 自动列宽

    //auto column width Ext.grid.Panel.prototype.viewConfig = { listeners: { refresh: function (dataview ...

  6. oracle_procedure

    define: 存储过程(Stored Procedure )是一组为了完成特定功能的SQL 语句 集,经编译后存储在数据库中.用户通过指定存储过程的名字并给出参数(如果该存储过程带有参数)来执行它. ...

  7. June 16th 2017 Week 24th Friday

    Progress is the activity of today and the assurance of tomorrow. 进步是今天的活动,明天的保证. The best preparatio ...

  8. 【[SDOi2012]Longge的问题】

    求\(\sum_{i=1}^ngcd(i,n)\) 考虑枚举\(gcd\),现在答案变成这样 \(\sum_{d|n}d*f(d)\) \(f(d)=\sum_{i=1}^n [gcd(i,n)==d ...

  9. About me and this site(2018/8/28)

    Name: 李秋豪 / [lǐ qiū háo] I'm a junior majoring in InfoSec at Harbin Institute of Technology. I'm int ...

  10. App版本号定义与说明基础知识

    版本控制比较普遍的三种命名格式 GNU 风格的版本号命名格式 主版本号 . 次版本号 [. 修正版本号 [. 编译版本号 ]] 示例 : 1.2.1, 2.0, 5.0.0 build-13124 W ...