I want to use Python Fabric to create an automated backup script that runs on my Windows box and periodically backs up my database and zips the db backup along with my site files and then downloads them. I've got the basics of Fabric (awesome tool btw). However, I'm trying to figure out the best way to avoid exposing my password on ps when saving my MySQL database.

I'm following the example here: Backing Up a Database Automatically

Trying to adapt that to Fabric, I believe I'd do something like:

run("MYSQL_PWD=password mysqldump -u database_name database_name > $HOME/db_backups/database_name-

I'm not sure if that will work, as I've never seen the setting of a (I guess environment?) variable before a command. However, won't that expose my MySQL password to viewers of ps? And if so, what's the best way to hide it?

asked 13 Nov '11, 19:10 user
There should be no security issue. If you can outline one step by step so we can fix it, or would like us to look directly, you may submit a support ticket.

The environment variable will be executed as your user, so only your user could view it. The ps utility will show us the path to the binary being run, but not the complete command being run as typed. So we would be able to see your user accessing mysqldump, but nothing else.

answered 13 Nov '11, 19:51 johns

P.S. - That is assuming you do not place the script in a web root path. You should keep your Fabric scripts outside of the application web root paths, as this would make them publicly viewable.
(13 Nov '11, 19:53) johns

Ok thanks, wasn't sure if ps would show the complete command as typed.
(13 Nov '11, 20:27) user
Actually, this is mentioned as "extremely insecure" here: http://dev.mysql.com/doc/refman/5.5/en/password-security-user.html

answered 09 Jan '13, 16:14 Klaas
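
The MySQL manual page linked in the answer above also documents keeping the password in an option file that only your user can read, which keeps it out of both the command line and the process environment. An added example of that approach follows (not code from this thread; the function names, `backup_user` and the sample password are assumptions, and it assumes the script runs on the host where mysqldump runs):

```python
import os
import stat
import tempfile


def write_client_option_file(user, password, directory=None):
    """Write a MySQL [client] option file that only the owner can read."""
    for value in (user, password):
        if any(ch in value for ch in '"\n\r'):
            raise ValueError("value cannot be safely written to an option file")
    # mkstemp creates the file with mode 0600, so there is no window in
    # which other local users could read it.
    fd, path = tempfile.mkstemp(prefix="backup-", suffix=".cnf", dir=directory)
    with os.fdopen(fd, "w") as handle:
        handle.write("[client]\n")
        handle.write("user=%s\n" % user)
        # Backslashes are escape characters inside quoted option values.
        handle.write('password="%s"\n' % password.replace("\\", "\\\\"))
    return path


def is_private(path):
    """True when the file grants no permissions to group or others."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0


def dump_command(option_file, database):
    """argv for mysqldump; --defaults-extra-file must be the first option."""
    if not is_private(option_file):
        raise PermissionError("%s is readable by other users" % option_file)
    return ["mysqldump", "--defaults-extra-file=" + option_file, database]


def leaks_secret(argv, env, secret):
    """True if the secret is visible in process arguments or environment."""
    return any(secret in a for a in argv) or any(secret in v for v in env.values())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    path = write_client_option_file("backup_user", "s3cr3t-example")
    try:
        argv = dump_command(path, "database_name")
        print(argv, "leaks:", leaks_secret(argv, {}, "s3cr3t-example"))
    finally:
        os.remove(path)
```

In a real backup job the option file would normally be created once with mode 0600 and reused, rather than written on every run.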