CDProp

[web] Is it safe to store a password in .bash_profile?


I have an account with Dreamhost, and generally if I want to access the mysql command line tool from the shell, I have to type in the following:

    $ mysql -u myuserid -pmypassword -h myhost.com

I wanted to create an alias for this, so that I can just type in something like 'sql' and have it do all that for me. It works well, but in order to make this alias permanent, so to speak, I had to put it in my .bash_profile file. So, there is my MySQL login info there, in plain text.

Realistically, how terrible of an idea is this? I'm the only person who has access to this account, so I'm mostly worried about hackers.

Check the permissions on the file. If the file is marked as inaccessible to the outside world, but hackers can somehow access it, then they're going to be going for something more important than your MySQL password anyway.

Don't forget that you've got much the same problem with .bash_history, and probably half a dozen other logs which you've got little to no control over as a regular user. Hell, any user logged in to the system while your query is running can simply use ps to read the process' command line arguments.

Yeah, you guys are right. That makes sense.

What about in perl scripts? I mean, I'm pretty new to this, but I don't know how else to access the database without hard-coding the password into my perl script (or, at least, I don't know a way that is more secure).

I stumbled on this page:

http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html

On the third bullet point, they mention that you can store passwords in a separate file, and then make that file readable only by you. This is a little better b/c then your password won't show up in .bash_history or in a call to 'ps'.

I'd shy away from putting it in a perl script. The only reason is that it's really easy to forget it's there, and one day you might accidentally upload that code to a public server or something.

But, lots of people put these kinds of passwords inside scripts anyway. It's not that big a deal.

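The separate-file approach from the last reply, together with the checks the earlier replies suggest (file permissions, passwords left on command lines), as an added example that is not part of the original thread. The function names are hypothetical, the user, host and password are the placeholders from the question, and `~/.my.cnf` with a `[client]` section is MySQL's per-user option file.

```bash
#!/usr/bin/env bash
# Added example: keep the MySQL password out of aliases, history and ps output.

# Write a [client] option file readable only by its owner.
# usage: write_client_cnf FILE USER HOST   (password is read from stdin,
# so it never appears in .bash_history or in a process argument list)
write_client_cnf() {
    local pw
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # umask 077: the file is created 0600, never briefly world-readable.
    # The value is quoted so a '#' in the password is not read as a comment.
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' "$2" "$pw" "$3" > "$1"
    ) || return 1
    chmod 600 "$1"              # also tightens a file that already existed
}

# Succeed only if FILE is a regular file with no group/other permission bits.
is_private() {
    local mode
    [ -f "$1" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$( { stat -c '%a' "$1" || stat -f '%Lp' "$1"; } 2>/dev/null ) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print file:line (not the secret itself) for every mysql invocation that
# carries an inline password: -pSECRET or --password=SECRET.
# Succeeds if at least one was found, e.g. in ~/.bash_profile ~/.bash_history.
find_inline_passwords() {
    local hits
    hits=$(grep -nHE \
        'mysql[^|;&]*[[:space:]](-p[^[:space:]]+|--password=[^[:space:]]+)' \
        -- "$@") || return 1
    printf '%s\n' "$hits" | cut -d: -f1,2
}

# Typical use after sourcing this file:
#   write_client_cnf ~/.my.cnf myuserid myhost.com    # then type the password
#   is_private ~/.my.cnf && echo "option file is owner-only"
#   find_inline_passwords ~/.bash_profile ~/.bash_history
#   alias sql=mysql     # mysql reads ~/.my.cnf itself; no credentials in the alias
```

A Perl script using DBD::mysql can read the same file by adding `mysql_read_default_file=/path/to/.my.cnf` to its DSN, which keeps the password out of the script as well.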