Question
I have written a CGI script using bash which executes a MySQL query . Since my purpose is to automate a task , I had to put MySQL credentials in the script only with the password being in plain text . The issue for me is the server in question which will execute the script is a production server with outside access . I am looking for a solution where the automation remains but without supplying the password in plain text .
PS: One solution for me is to enforce strict permissions by removing all permission for others,groups with rwx for root and ownership changed to root. But since this is a CGI script, I cannot remove read and execute permission for others.
The code is as follows
https://stackoverflow.com/questions/23216341
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "<html>"
echo "<body>"
mysql -h $host -u root -ptest -e "select User,marks,percent from $db;" | sed 's/\t/,/g' > /tmp/out.csv `
gnuplot gnudg.sh
echo "<img src="http://172.16.0.19/report/histreport.png" alt="DG-Reports">"
echo "</body>"
echo "</html>" `
Script permission:
ls -l /var/www/cgi-bin/ssdg/ssdgplot.sh
-rwxr-xr-x 1 root root 1589 Apr 22 12:41 /var/www/cgi-bin/ssdg/ssdgplot.sh
La solution
For mysql you can use option file read from reference1, reference2 You can set values like username and password
[db-details]
user=username
password=password
and read this file for logging in to db in script. and to avoid anyone else read it except root, just the permissions as
chmod 600 option_file
