I am trying to execute a few mysql statements in bash script. The script connects to mysql and does all the required work. But, it gives me a warning
Warning: Using a password on the command line interface can be insecure.
I understand that passwords and usernames must not be used directly in the script, which I have currently done
What other options do I have in order to not have this warning coming up? Can I have a file with the key:value pairs for host,dbname,username and password and then use the file for connection details in the script?
Thanks in advance
Rathi
During the init phase of your script, I would ask the user for host, username and password. Then forward these variables to the mysql command.
See here where you can learn how to ask the user for content without echoing it on the terminal window.
Related
I reset my MySQL password using cmd commands from this guide.
cd "C:\Program Files\MySQL\MySQL Server 8.0\bin"
mysqld
--defaults-file="C:\\ProgramData\\MySQL\\MySQL Server 8.0\\my.ini"
--init-file=C:\\Users\\<username>\\resetMYSQL.txt
resetMYSQL contains a command to change password
ALTER USER 'root'#'localhost' IDENTIFIED BY '<myNewPassword>';
Now, it turned out I have to keep running the mysqld command above to start my server or else I'll get this error. If I run the command again I can flawlessly run my server until I terminate it.
This is the error. It's ECONNREFUSED.
I think my password is already reset, because apart from the command line, I also run ALTER USER in Workbench after I got access to it while the cmd is running.
Btw, before this I can just start my server using Node and Sequelize and didn't have to start server elsewhere or set anything beforehand
I'm not sure what is the problem here, so I don't know which keyword I should look up on Google. I googled the error code, but those cases seems unrelated to mine.
I'd be glad if you can explain me what's going on.
The nodejs error message you showed us, a ECONNREFUSED message with a traceback, shows the your mysql database server program was not running when your nodejs program tried to connect to it. Nodejs reaches out to MySQL via TCP/IP. TCP/IP responds "I don't know any MySQL." Specifically, it responds "ECONNREFUSED on port 3306," meaning "nothing on this machine accepts connections on MySQL's port."
nodejs does not start the mysql software for you. It connects to it and uses it.. MySQL has to be running already for that work.
Ordinarily, software like mysql runs in the form of a operating system service; a background process that runs all the time on the machine to await requests).
And, ordinarily, you don't provide init files to MySQL to do things like change passwords, except just once, if you must, to rescue something broken. In your case it looks like you forgot your MySQL password, so you needed to use an init file to rescue yourself. Once the password is reset, stop using that init file.
Explaining how to make MySQL run as a service on your machine is beyond the scope of a Stack Overflow answer. But the installers for MySQL, on almost every operating system, set it up to run as a service automatically. It's generally useless otherwise.
I'm building a tool using Delphi and MySQL to restore a script generated with MySQLDump.
It was supposed to load and execute a SQL file and log any possible errors into a given output file.
I thought about execute the mysql command line and send command lines but i don't know if its possible ou how to do it since I just know how to call mysql using windows cmd and execute a single command line using ShellExecute or CreateProcess
I tried to do it with a single command line but it did'nt logged the errors properly
I tried this:
cmd /c mysql.exe --user root < "C:\restore.sql" > "C:\restore_log.txt"
the content of restore.sql was:
drop database test;
It does execute my script, but on the second attempt it should log "database doesn't exist" but restore_log.txt was empty
It would help if anyone could point the way to call mysql and send multiple lines OR a help with my cmd line to log properly
Anyone can help me?
I don't know what components you've got available to connect to the MySQL db, but using TADOQuery to access SQL Server, I simply load up the queries into a TADOQuery's .SQL property and then call Open or ExecSQL. As long as it's just vanilla SQL that was generated by SQLDump, I'd guess that should work. It's worth a try anyway.
digging more at stackoverflow I found previous answers that helped, the difference is that the output goes to a Memo that I can save to a file.
Thank you all for the help and the insights.
The answers can be found on the following links:
Getting output from a shell/dos app into a Delphi app
How do I run a command-line program in Delphi?
Getting output from a shell/dos app into a Delphi app
I'm trying to figure out how to test if a connection is possible with a given set of user, pw, and db name info. I parse out the user_name, password and database_name from an environment file and then I would like to test if the connection is possible. If possible continue with the rest of the script and if not possible, exit and print an error message. I want to test the connection because I have another larger script that just runs everything but I can't tell where it fails if it does fail.
You can make a no-op connection:
mysql -e '\q'
If I run this with a suitable .my.cnf file, $? is zero. If I try to use a different user:
mysql -u root -e '\q'
then I get an error message (which can be redirected away with 2>/dev/null) and $? is non-zero.
Note that this is a fairly limited test, compared to using a language with a SQL library and a connection that spans multiple commands. E.g. one connection may succeed, but a later one may fail because of network conditions or a change to the user's conf file or to the server authentication.
Im going to put htis as an answer so i can use formatting...
Do something similar to the following. I dont know what code you are using so this is a fairly generic example:
$conn = (SQL statement);
if (!$conn)
{error output}
else
{do logic};
So if you have many statements and you do this kind of thing for each of them using a unique error output for each then you can easily tell which one is causing the problem by reading the output.
I'm getting the message unable to locate SQL program 'mysql' when I attempt to enter sql mode in Emacs. However, I'm able to access mysql just fine via terminal.
For the record, I'm using user and password as root, server as localhost and a database of my choosing. I just don't know why this is happening.
Ideas?
Emacs uses the directories listed in the exec-path variable to look for programs. You can add to it like so:
(add-to-list 'exec-path "/usr/local/bin")
The following shell command should give you the correct value to use:
dirname `which mysql`
Need to create simple mysql-backup script.
But - how can I store encrypted pass of MySQL user in it?
I want to avoid store password in plaintext type in any additional files.
As I found in MySQL manual:
MySQL encrypts passwords stored in the user table using its own algorithm
So. there is no way to just get hash and set it as variable?
I mean:
DBHASH="cGFzc3dvcmQ="
DBPASS=`echo $DBHASH | openssl enc -base64 -d`
Is there any correct way to sovle it?
Thanks for tips.
It doesn't matter if the script contains a plaintext password or not if it includes a repeatable routine for getting into MySQL (i.e. automatically decrypting) - an attacker would just do the same. If you could pass the hash/decrypted password and have MySQL compare it would be just as repeatable (and the hash would function as a password anyway).
So, the easy answer is: You can't do this. You have some options...
Set up a correctly chmoded (600) ~/.my.cnf with the credentials.
Create a 'restricted', password-less backup-account that is only allowed to log in from localhost.
Only allow backup logins from localhost/backup host in either case.
If you're on Debian you could use the debian-sys-maint account (which has a my.cnf already set up with credentials)
Restrict the mysql account and include the password in the script plain text, but only allow given user/root to read script (if you have root you can take over mysql anyway).
Read/'source' the config variables (username/password) from an external file (with correct chmod - 600)...but you're basically doing the my.cnf-thing by then.
Remember a "backup account" does not need write privileges etc...
afaict, there's no way to do what you're looking for. Whether you store the hash or the original password, you will anyway store very sensible information that might be evil used if someone gets read access to your script.
What you may prefer, is instead setup up an user account that can't login, and setup up mysql so that user has the exact permissions for your script. And also make it so that this user is the only one having exec access to the script.