Database Reference
In-Depth Information
Get the parameters from the execution environment
The most common way to do this is to set the appropriate environment variables
in one of your shell's startup files (such as
.profile
for
sh
,
bash
,
ksh
; or
.login
for
csh
or
tcsh
). Programs that you run during your login session then can get parameter
values by examining their environment.
Get the parameters from a separate file
With this method, store information such as the username and password in a file
that programs can read before connecting to the MySQL server. Reading parameters
from a file that's separate from your program gives you the benefit of not having to
enter them each time you use the program, without hardwiring the values into it.
Also, storing the values in a file enables you to centralize parameters for use by
multiple programs, and for security purposes you can set the file access mode to
keep other users from reading the file.
The MySQL client library itself supports an option file mechanism, although not
all APIs provide access to it. For those that don't, workarounds may exist. (As an
example, Java supports the use of properties files and supplies utility routines for
reading them.)
Use a combination of methods
It's often useful to combine methods, to give users the flexibility of providing pa‐
rameters different ways. For example, MySQL clients such as
mysql
and
mysqlad‐
min
look for option files in several locations and read any that are present. They
then check the command-line arguments for further parameters. This enables users
to specify connection parameters in an option file or on the command line.
These methods of obtaining connection parameters do involve security issues:
• Any method that stores connection parameters in a file may compromise your
system's security unless the file is protected against access by unauthorized users.
This is true whether parameters are stored in a source file, an option file, or a script
that invokes a command and specifies the parameters on the command line. (Web
scripts that can be read only by the web server don't qualify as secure if other users
have administrative access to the server.)
• Parameters specified on the command line or in environment variables are not
particularly secure. While a program is executing, its command-line arguments and
environment may be visible to other users who run process status commands such
as
ps
-e
. In particular, storing the password in an environment variable perhaps is
best limited to those situations in which you're the only user on the machine or you
trust all other users.
The rest of this section discusses how to process command-line arguments to get con‐
nection parameters and how to read parameters from option files.
