Shulou(Shulou.com)05/31 Report--

Editor to share with you how to achieve password encryption authentication of the simple script, I believe that most people do not understand, so share this article for your reference, I hope you will learn a lot after reading this article, let's go to know it!

When MySQL logs in, if the password is specified in clear text, the following warning will be thrown after the login is successful.

[root@dev01 /] # mysql-uroot-pxxxx

Mysql: [Warning] Using a password on the command line interface can be insecure.

Welcome to the MySQL monitor. Commands end with; or\ g.

Your MySQL connection id is 2837

Don't underestimate this error, some business validations do not allow Warning, so some big manufacturers may need to customize the logic of this error.

Of course, if you do not need to know the password, can you change the way to do it, in fact, in the beginning of the loginpath, and the function of the wallet in Oracle is similar, in fact, it is a kind of authentication, do authorization, you do not need to know this information, loginpath is a bridge to do authentication for you.

If you are version 5. 5 without loginpath, is there any feasible solution to meet the demand?

Some students may start to ask at this time, what is the need?

Let's imagine, in the way of the command line, enter a clear text password, then why do you need a password? just don't look at it when I type the password, but it's in the history command.

So this is also a risk point entrance, if you log in because of some unexpected circumstances, then this situation is very embarrassing. This is demand one.

In another scenario, if we have a large number of MySQL environments, the DBA account password for each environment is the same, but the password is very complex. We can not enter plaintext, then enter the password format, that means interactive and manual input, manual input is simply, you will find that this operation is really primitive, advanced, use keypass or keepass, etc., which depends on the local environment configuration. So the characteristic of demand 2 is to maintain the password by hand, and the password entered by hand is too primitive.

Then we write the script, but the password in the script is still visible, the problem of the plaintext password for the call is solved, but the password in the content is still readable.

So in this case, a very natural way is encryption.

One of them is to encrypt the password. for example, we get a password encrypted string, decrypt it when we need to call it, and get the real password. This process is implemented by logic in the script, so we are less likely to get plaintext passwords.

The other is to encrypt the file, for example, to encrypt the whole file, after which the file cannot be read. So the encrypted password is encrypted again. There are ways to encrypt files with shell and languages such as python.

If you want to call the script, you actually decrypt the file first, then call the decryption logic, get the real password, and then open the request for access.

For example, I got an encrypted password string. The decryption logic of the call is decrypt_passwd, of course, this is readable and reversible, we can actually add some complex factors to interfere.

The preliminary content of the script is as follows:

Sec_password='RHB6WUF1d1c5TTEzabadfo='

Dec_passwd=''

Sql_block=''

Function decrypt_passwd

{

Tmp_passwd=$1

Dec_passwd= `echo $tmp_passwd | base64-d`

}

Decrypt_passwd $sec_password

Instance_ip=$1

Instance_port=$2

Port=$1

If [!-n "$port"]; then

Echo'#

Echo 'Please input correct MySQL Port and try again.'

Echo'#

Ps-ef | grep mysqld | grep-v grep | grep-v mysqld_safe

Exit

Fi

/ usr/local/mysql/bin/mysql-udba_admin-p$dec_passwd-h227.0.0.1-Play1

Such a simple file, which can be encrypted with gzexe, is what we initially expect.

This file is like a binary file, we copy it to any server, specify the entry, we can easily access it.

The above is all the contents of this article "how to achieve password encryption authentication in MySQL". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.