Database Reference
In-Depth Information
Notice that the preceding example uses spaces on the user line, but not on the
password line. This is because passwords can have spaces in them, so the MariaDB
mysql
command-line client starts reading the password immediately after the equals
sign. So unless the first character of our password is a space, we start the password
immediately after the equals sign.
We tell the client to read the file by using the
--defaults-file
option, as follows:
mysql --defaults-file=/path/to/my-file
With the preceding in place, the client will read the file as it connects and use the
username and password we supplied (along with any other client options that we
add in the file).
To be safe when using this method, we should set the file so that it is readable
only by the user that will run the script. We can consult our operating system
documentation for the specifics on how to do this. On Linux-based systems a good
command to use is:
chmod 600 my-file
The preceding command sets the file as readable and writable by the user that
owns the file (
6
) and no access for everyone else (the two zeroes). Consult the
chmod
documentation for full details.
On Windows, we can accomplish the same thing by right-clicking on the file in the
file manager, selecting
Properties
and then adjusting the access permissions. Consult
the Windows documentation for full instructions.
Server security
With MariaDB itself locked down nice and tight, and with us using good password
practices, we now need to look at the computer MariaDB is running on.
If we are running MariaDB on our own desktop or laptop, and we are the only one
who can log in to it, then there's not much to worry about apart from the normal
things we do to keep our computer secure—virus and malware protection, system
updates, keeping it in a secure location, and so on. It is also useful to encrypt our
hard drives, or at least our home folders using an operation supported by most
modern operating systems.
