Use login-paths (.mylogin.cnf)

The best way to specify server connection information is with your .mylogin.cnf file. Not only is this file encrypted, but any logging of the utility execution will not expose the connection information. Thus, no user names, passwords, ports, etc. are visible in the log. This is the preferred method for using MySQL Utilities to connect to servers.

Note: MySQL Utilities version 1.2.1 and later support login-paths.

Utilities support the use of login-paths in the connection string provided they use the following format login-path-name[:port][:socket] where the port and socket parameters are optional. If used, these optional parameters override the respective options from the specified login-path.

When using login-paths, there are no default values except on Posix systems when specifying a socket. In this case, the host option defaults to localhost. This means that combining the values specified in the login-path with the two optional values port and socket, one needs to specify at least a user, a hostname and a port or socket.

Use the mysql_config_editor tool (http://dev.mysql.com/doc/en/mysql-config-editor.html) to add the connection information as follows.

shell> mysql_config_editor set --login-path=instance_13001 --host=localhost --user=root --port=13001 --password
Enter password: <Password is prompted to be inserted in a more secure way>

Next, use the following command to confirm that the login-path data was correctly added to .mylogin.cnf (the encrypted file):

shell> mysql_config_editor print --login-path=instance_13001
[instance_13001]
user = root
password = *****
host = localhost
port = 13001

Once your .mylogin.cnf file is configured, you need only specify the section of the .mylogin.cnf file for the server connection. For example, the section created in the previous example is 'instance_13001'. Thus, we use --server=instance_13001. The following shows the execution of a utility specifying the login-path section.

shell> mysqlserverinfo --server=instance_13001 --format=vertical

# Source on localhost: ... connected.
*************************       1. row *************************
server: localhost:13001
config_file: /etc/my.cnf, /etc/mysql/my.cnf
binary_log: clone-bin.000001
binary_log_pos: 341
relay_log:
relay_log_pos:
version: 5.6.17-log
datadir: /Volumes/Source/source/temp_13001/
basedir: /Volumes/Source/source/bzr/mysql-5.6
plugin_dir: /Volumes/Source/source/bzr/mysql-5.6/lib/plugin/
general_log: OFF
general_log_file:
general_log_file_size:
log_error:
log_error_file_size:
slow_query_log: OFF
slow_query_log_file:
slow_query_log_file_size:
1 row.
#...done.

See the online MySQL Reference Manual for more information about login-paths, the .mylogin.cnf file, and themysql_config_editor client.

MySQL 5.6 에 보안을 위한Tool (mysql_config_editor)이 추가되어 테스트 해보았습니다.

mysql 접속시 암호를 넣지않고 접속할 수 있네요.

--=========================================================================== --mysql_config_editor — MySQL Configuration Utility --=========================================================================== -- http://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html -- http://anothermysqldba.blogspot.kr/2013/05/mysql-users-grants-mysqlconfigeditor.html -- http://mysqlblog.fivefarmers.com/2012/08/16/understanding-mysql_config_editors-security-aspects/ --=========================================================================== mysql_config_editor set --login-path=local_test --host=localhost--user=root --password --socket=/tmp/mysql.sock --port=15615 mysql_config_editor print --all   [local_test]   user = root   password = *****   host = localhost   socket = /tmp/mysql.sock   port = 3306 ls -l ~/.mylogin.cnf   -rw-------. 1 root root 192 Dec 26 17:15 /root/.mylogin.cnf cat ~/.mylogin.cnf   ;z?rr떡_喘픕톄   }}??F??C_쟛-曰 ?`택?   --> Binary file 로 되어있어서읽지못함 mysql --login-path=local_test   Welcome to the MySQL monitor.  Commands end with ; or \g.   Your MySQL connection id is 11   Server version: 5.6.15-log MySQL Community Server (GPL)   Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.   Oracle is a registered trademark of Oracle Corporation and/or its   affiliates. Other names may be trademarks of their respective   owners.   Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.   [localhost] ((none)) 17:16> mysql --login-path=local_test TEST   Welcome to the MySQL monitor.  Commands end with ; or \g.   Your MySQL connection id is 11   Server version: 5.6.15-log MySQL Community Server (GPL)   Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.   Oracle is a registered trademark of Oracle Corporation and/or its   affiliates. Other names may be trademarks of their respective   owners.   Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.   [localhost] (TEST) 17:17>   mysql_config_editor remove --login-path=local_test mysql_config_editor print --all [출처] [NF 5.6] 보안강화를 위한 mysql_config_editor 사용 (MySQL Power Group) |작성자 ham