├── README.md ├── mysql_securely.sh └── mysql_securely_mktemp.sh /README.md: -------------------------------------------------------------------------------- 1 | # mysql_bash_secure 2 | 3 | Demonstrates the use of MySQL from shell scripts without credentials on the command line 4 | 5 | Anyone who has coded a MySQL utility in bash or any other command shell will 6 | undoubtedly run into the dreaded message: 7 | 8 | Warning: Using a password on the command line interface can be insecure. 9 | 10 | These scripts demonstrate techniques to get rid of this warning once and for 11 | all. 12 | 13 | -------------------------------------------------------------------------------- /mysql_securely.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # call mysql client from shell script without 4 | # passing credentials on command line 5 | 6 | # This demonstrates small single queries using 7 | # the -e parameter. Credentials and connection 8 | # info are sent through standard input. 9 | 10 | # david . bennett @ percona . 
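com - 12/27/2016

# Demo connection settings. The literal password is a placeholder for the
# demonstration; a real script should load it from somewhere that is not
# stored with the code (environment, or a file only the owner can read).
mysql_user=root
mysql_password=password
mysql_host=127.0.0.1
mysql_port=3306
mysql_database=test

# mysql_exec QUERY [OPTION]
#
# Runs one statement with the mysql client. The connection settings are
# written as a [client] option group to the client's standard input, which
# it reads through --defaults-file=/dev/stdin, so the password is never an
# argument of the mysql process.
#
# Globals:   mysql_user, mysql_password, mysql_host, mysql_port,
#            mysql_database (read); mysql_exec_result (written)
# Arguments: $1 - statement handed to mysql with -e
#            $2 - optional single extra mysql option
# Returns:   exit status of the pipeline, i.e. of the mysql client
#
# Things to keep in mind when reusing this:
#  - The statement in $1 IS a command-line argument (-e), so it is visible
#    in process listings; keep secrets out of the query text.
#  - printf is a builtin in common sh implementations (dash, bash), so the
#    password is not exposed through an argument list either. A shell
#    without a builtin printf would run an external printf with the
#    password as an argument; check the shell the script targets.
#  - NOTE(review): values are written unquoted. MySQL option files treat
#    '#' as the start of a comment, so a password containing it would need
#    quoting; confirm against the option-file rules of the client in use.
mysql_exec() {
  local query="$1"
  local opts="$2"
  # ${opts:+...} forwards the option only when one was given. A quoted
  # empty "${opts}" would reach mysql as an empty positional argument, and
  # the client takes its first non-option argument as the database name.
  #
  # HOME points at /sys, presumably so that no per-user option files are
  # found under the real home directory; verify for the client in use.
  mysql_exec_result=$(
    printf "%s\n" \
      "[client]" \
      "user=${mysql_user}" \
      "password=${mysql_password}" \
      "host=${mysql_host}" \
      "port=${mysql_port}" \
      "database=${mysql_database}" \
      | HOME="/sys" mysql --defaults-file=/dev/stdin ${opts:+"${opts}"} -e "${query}"
  )
}

mysql_exec "select 'Hello World' as Message"
# printf prints the result verbatim; echo may interpret backslashes or a
# leading dash, depending on the shell
printf '%s\n' "${mysql_exec_result}"

--------------------------------------------------------------------------------
/mysql_securely_mktemp.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# call mysql client from shell script without
# passing credentials on command line
#
# this version demonstrates queries read from
# standard input such as mysqldump output.
# It uses a temporary file with restrictive
# permissions to read config information.

# david . bennett @ percona . 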
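com - 12/27/2016

# Demo connection settings. The literal password is a placeholder for the
# demonstration; a real script should load it from somewhere that is not
# stored with the code (environment, or a file only the owner can read).
mysql_user=root
mysql_password=password
mysql_host=127.0.0.1
mysql_port=3306
mysql_database=test

# mysql_exec_from_file QUERY_FILE [OPTION]
#
# Feeds the statements in QUERY_FILE to the mysql client on standard
# input. The connection settings are written as a [client] option group to
# a temporary file that is handed over with --defaults-file, so neither the
# password nor the statements are arguments of the mysql process.
#
# Globals:   mysql_user, mysql_password, mysql_host, mysql_port,
#            mysql_database (read); mysql_exec_from_file_result (written)
# Arguments: $1 - file holding the statements to run
#            $2 - optional single extra mysql option
# Returns:   exit status of the mysql client, or 1 when the temporary
#            option file could not be prepared
#
# Things to keep in mind when reusing this:
#  - While mysql runs, the password sits in a file on disk. Its mode keeps
#    other users out, but root and processes of the same user can read it.
#  - NOTE(review): values are written unquoted. MySQL option files treat
#    '#' as the start of a comment, so a password containing it would need
#    quoting; confirm against the option-file rules of the client in use.
mysql_exec_from_file() {
  local query_file="$1"
  local opts="$2"
  # Everything that touches the option file runs inside the command
  # substitution, which is a subshell: the traps set there cannot disturb
  # the caller's traps, and they remove the file on every way out,
  # including HUP/INT/TERM.
  mysql_exec_from_file_result=$(
    tmpcnf="$(mktemp)" || exit 1
    trap 'rm -f -- "${tmpcnf}"' EXIT
    trap 'exit 1' HUP INT TERM
    # mktemp normally creates the file for its owner only; the explicit
    # chmod keeps that guarantee visible before any credential is written
    chmod 600 "${tmpcnf}" || exit 1
    printf "%s\n" \
      "[client]" \
      "user=${mysql_user}" \
      "password=${mysql_password}" \
      "host=${mysql_host}" \
      "port=${mysql_port}" \
      "database=${mysql_database}" \
      > "${tmpcnf}" || exit 1
    # ${opts:+...} forwards the option only when one was given. A quoted
    # empty "$opts" would reach mysql as an empty positional argument, and
    # the client takes its first non-option argument as the database name.
    #
    # HOME points at /sys, presumably so that no per-user option files are
    # found under the real home directory; verify for the client in use.
    HOME="/sys" mysql --defaults-file="${tmpcnf}" ${opts:+"${opts}"} < "${query_file}"
    # explicit exit: the subshell reports mysql's status, then the EXIT
    # trap removes the option file
    exit "$?"
  )
}

query_file="$(mktemp)" || exit 1
printf '%s\n' "select 'Hello World' as Message;" > "${query_file}"
mysql_exec_from_file "${query_file}"
# printf prints the result verbatim; echo may interpret backslashes or a
# leading dash, depending on the shell
printf '%s\n' "${mysql_exec_from_file_result}"
rm -- "${query_file}"

--------------------------------------------------------------------------------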