Preface
 
    Connection security is  one of the most important safety strategies which we should consider.It's not a good manner using plaintext password in my.cnf file when connecting mysql server by client.What can we do more safely?
 
Introduce
 
    MySQL provide a method called "login-path" which permits merely using parameter "--login-path" to login MySQL server since 5.6 version.Notice,login-path depends on program "mysql_config_editor" which belongs to MySQL main program most probably in "/usr/local/mysql/bin" directory.First of all,we need to set a login path name(also a group name) with it,then the ".mylogin.cnf" will be created which contains user,password,host,port,socket and so forth.The password in ".mylogin.conf" file is shown as asterisks(eg. password=*****).Afterward,MySQL client will have a safer authentication credentials in loging MySQL servers.
 
Procedure
 
example
 
usage
 mysql_config_editor [program options] [command [command options]]
Parameter
  -#, --debug[=#]     This is a non-debug version. Catch this and exit.
-?, --help Display this help and exit.
-v, --verbose Write more information.
-V, --version Output version information and exit. Variables (--variable-name=value)
and boolean options {FALSE|TRUE} Value (after reading options)
--------------------------------- ----------------------------------------
verbose FALSE Where command can be any one of the following :
set [command options] Sets user name/password/host name/socket/port
for a given login path (section).
remove [command options] Remove a login path from the login file.
print [command options] Print all the options for a specified
login path.
reset [command options] Deletes the contents of the login file.
help Display this usage/help information.
Create a login path named "3306".
 [root@zlm1 :: ~]
#mysql_config_editor set --login-path= -h127.0.0. -P3306 -uroot -p
Enter password: [root@zlm1 :: ~]
#
Check the contents of login path.
 [root@zlm1 :: ~]
#mysql_config_editor print --all
[]
user = root
password = ***** -- Here is several asterisks instead of plaintest password.
host = 127.0.0.1
port =
Check the config file in user home directory.
 [root@zlm1 :: ~]
#ls -la|grep mylogin.cnf
-rw------- root root Jun : .mylogin.cnf [root@zlm1 :: ~]
#cat .mylogin.cnf -- All the contents in ".mylogin.cnf" file have been encrypted. ᑸ¨ƒˆK›巧-#[q- ¨ÿœ‰·t㼝«ɽ(žϿ欕鋳쾋 q̓‰أ&¸ۑ Sن}uj—–
ņZP‰ַ©ս¬ʨh±
[root@zlm1 :: ~]
#Xshell
Connect Server with client program by login path.
 [root@zlm1 :: ~]
#mysql --login-path=
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is
Server version: 5.7.-log MySQL Community Server (GPL) Copyright (c) , , Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. root@127.0.0.1: [(none)]>
Connect Server with client program by login path.

 [root@zlm1 :: ~]
#mysql --login-path=#
ERROR (): Access denied for user 'root'@'localhost' (using password: NO) [root@zlm1 :: ~]
#mysql_config_editor --print all
mysql_config_editor: [ERROR] unknown option '--print' [root@zlm1 :: ~]
#mysql_config_editor print --all
[]
user = root
password = *****
host = 127.0.0.1
port =
[#]
user = root
password = *****
host = 127.0.0.1
port =
 Remove a login path.

 [root@zlm1 :: ~]
#mysql_config_editor remove --login-path=# [root@zlm1 :: ~]
#mysql_config_editor print --all
[]
user = root
password = *****
host = 127.0.0.1
port =
 It's not supported using special character such as "#","¥",“%”,etc.

 [root@zlm1 :: ~]
#mysql_config_editor set --login-path=# -h127.0.0. -P3306 -uroot -p###
mysql_config_editor: [ERROR] mysql_config_editor: unknown option '-#' [root@zlm1 :: ~]
#mysql_config_editor set --login-path=# -h127.0.0. -P3306 -uroot -p$$$
mysql_config_editor: [ERROR] mysql_config_editor: unknown option '-3' [root@zlm1 :: ~]
#mysql_config_editor set --login-path=# -h127.0.0. -P3306 -uroot -p%%%
mysql_config_editor: [ERROR] mysql_config_editor: unknown option '-%'
 Summay

  • I'm afraid login-path is a safer method in logining MySQL.
  • Notice that characters of password must be confirmed to the MySQL password rules.
  • In the past,we usually put those parameters(host,port,user,password,etc.) in /etc/my.cnf to void repeated words typing,but it's realy not safe.
 

利用login-path对MySQL安全加固的更多相关文章

  1. lamp下mysql安全加固

    lamp下mysql安全加固 1.修改root用户口令,删除空口令 缺省安装的MySQL的root用户是空密码的,为了安全起见,必须修改为强密码,所谓的强密码,至少8位,由字母.数字和符号组成的不规律 ...

  2. 利用mysqltuner工具对mysql数据库进行优化

    mysqltuner工具使用,本工具建议定期运行,发现目前MYSQL数据库存在的问题及修改相关的参数 工具的下载及部署 解决环境依赖,因为工具是perl脚本开发的,需要perl脚本环境 # yun i ...

  3. 利用strace & Perf分析MySQL

    strace介绍及用途 strace是一个用于诊断,分析linux用户态进程的工具 类似的工具pstrace,lsof,gdb,pstrack strace观察mysqld对my.cnf 配置文件的加 ...

  4. 利用Docker快速部署Mysql

    写在前面 我又来更新了~~~,今天内容较少,主要是利用Docker快速部署Mysql和初始化数据 利用Docker下载Mysql 简洁明了,在命令提示符中输入 docker pull mysql:8. ...

  5. MYSQL启用日志,查看日志,利用mysqlbinlog工具恢复MySQL数据库【转载】

    转自 MYSQL启用日志,查看日志,利用mysqlbinlog工具恢复MySQL数据库 - _安静 - 博客园http://www.cnblogs.com/xionghui/archive/2012/ ...

  6. 在CentOS7中利用yum命令安装mysql

    在CentOS7中利用yum命令安装mysql 原创 2016年08月31日 10:42:33 标签: mysql / centos 4832 一.说明 我们是在VMware虚拟机上安装的mysql, ...

  7. 利用日志文件恢复MYSQL数据库

    利用日志文件恢复MYSQL数据库 650) this.width=650;" onclick='window.open("http://blog.51cto.com/viewpic ...

  8. docker数据卷学习-利用数据卷实现mysql的快速恢复和迁移

    docker数据卷学习 一 新建带有数据卷的容器 1.从docker hub下载centos7镜像 # docker pull centos 2. 创建container # docker run - ...

  9. 利用tcpdump抓取mysql sql语句

    这个脚本是我之前在网上无意间找个一个利用tcpdump 抓包工具获取mysql流量,并通过过滤把sql 语句输入. 脚本不是很长,但是效果很好. #!/bin/bash #this script us ...

随机推荐

  1. LOJ#2552. 「CTSC2018」假面(期望 背包)

    题意 题目链接 Sol 多年以后,我终于把这题的暴力打出来了qwq 好感动啊.. 刚开始的时候想的是: 设\(f[i][j]\)表示第\(i\)轮, 第\(j\)个人血量的期望值 转移的时候若要淦这个 ...

  2. 自适应布局下echarts引起页面跳帧

    项目上突然遇到一个问题,鼠标快速滑动有echarts画的饼图时,页面出现了跳帧.布局的高度突然发生变化然后恢复正常.高度怎么会变化呢?都是按百分比来的啊? 经过一番仔细观察,在跳帧的时候页面底部闪过了 ...

  3. Sde各类命令详解(sdemon 、sdelayer、sdeservice、sdetable、sdeconfig、SdeExport_SdeImport)

      Sdemon命令详解: http://wenku.baidu.com/view/3b53e8ec0975f46527d3e1c2.html 1.重建空间索引       D:\Program Fi ...

  4. Multidex (方法数超过限制的处理)

    报错 : Conversion to Dalvik format failed: Unable to execute dex: method ID not in [0, 0xffff]: 65536 ...

  5. ARM 中可用性集使用的注意事项

    Azure 目前有两种部署模型:经典部署模型 (ASM) 和资源管理器 (ARM).如果您之前使用过 ASM 模式下的可用性集,那么很可能在使用 ARM 模式下的可用性集时,会遇到一些问题或者疑惑.这 ...

  6. Python 列表(list)操作

    创建列表 sample_list = ['a',1,('a','b')] Python 列表操作 sample_list = ['a','b',0,1,3] 得到列表中的某一个值 value_star ...

  7. submit text3 常用快捷键

    Ctrl+D : 选择单词,重复可增加选择下一个相同的单词 Ctrl+F : 查找内容 Ctrl+G : 跳转到指定行 Ctrl+H : 替换 Ctrl+J : 合并行(已选择需要合并的多行时) Ct ...

  8. html5 5个重要特性

    HTML5已经火了一段时间了,相信作为web相关开发project师,肯定或多或少的了解和尝试过一些HTML5的特性和编程.还记得曾经我们介绍过的HTML5新标签. 作为未来前端开发技术的潮流和风向标 ...

  9. SpringBoot使用PageHelper进行分页

    因为SpringBoot就是为了实现没有配置文件,因此之前手动在Mybatis中配置的PageHelper现在需要重新配置,而且配置方式与之前的SSM框架中还是有点点区别.    首先需要在pom文件 ...

  10. 【转】Android应用程序窗口(Activity)窗口对象(Window)创建指南

    在前文中,我们分析了Android应用程序窗口的运行上下文环境的创建过程.由此可知,每一个Activity组件都有一个关联的ContextImpl对象,同时,它还关联有一个Window对象,用来描述一 ...