Movatterモバイル変換

Themysql_config_editor utility enables you to store authentication credentials in an obfuscated login path file named.mylogin.cnf. The file location is the%APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.

The unobfuscated format of the.mylogin.cnf login path file consists of option groups, similar to other option files. Each option group in.mylogin.cnf is called a“login path,” which is a group that permits only certain options:host,user,password,port andsocket. Think of a login path option group as a set of options that specify which MySQL server to connect to and which account to authenticate as. Here is an unobfuscated example:

[client]user = mydefaultnamepassword = mydefaultpasshost = 127.0.0.1[mypath]user = myothernamepassword = myotherpasshost = localhost

When you invoke a client program to connect to the server, the client uses.mylogin.cnf in conjunction with other option files. Its precedence is higher than other option files, but less than options specified explicitly on the client command line. For information about the order in which option files are used, seeSection 6.2.2.2, “Using Option Files”.

To specify an alternate login path file name, set theMYSQL_TEST_LOGIN_FILE environment variable. This variable is recognized bymysql_config_editor, by standard MySQL clients (mysql,mysqladmin, and so forth), and by themysql-test-run.pl testing utility.

Programs use groups in the login path file as follows:

mysql_config_editor obfuscates the.mylogin.cnf file so it cannot be read as cleartext, and its contents when unobfuscated by client programs are used only in memory. In this way, passwords can be stored in a file in non-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable.mysql_config_editor provides aprint command for displaying the login path file contents, but even in this case, password values are masked so as never to appear in a way that other users can see them.

The obfuscation used bymysql_config_editor prevents passwords from appearing in.mylogin.cnf as cleartext and provides a measure of security by preventing inadvertent password exposure. For example, if you display a regular unobfuscatedmy.cnf option file on the screen, any passwords it contains are visible for anyone to see. With.mylogin.cnf, that is not true, but the obfuscation used is not likely to deter a determined attacker and you should not consider it unbreakable. A user who can gain system administration privileges on your machine to access your files could unobfuscate the.mylogin.cnf file with some effort.

The login path file must be readable and writable to the current user, and inaccessible to other users. Otherwise,mysql_config_editor ignores it, and client programs do not use it, either.

Invokemysql_config_editor like this:

mysql_config_editor [program_options]command [command_options]

If the login path file does not exist,mysql_config_editor creates it.

Command arguments are given as follows:

The position of the command name within the set of program arguments is significant. For example, these command lines have the same arguments, but produce different results:

mysql_config_editor --help setmysql_config_editor set --help

The first command line displays a generalmysql_config_editor help message, and ignores theset command. The second command line displays a help message specific to theset command.

Suppose that you want to establish aclient login path that defines your default connection parameters, and an additional login path namedremote for connecting to the MySQL server the hostremote.example.com. You want to log in as follows:

To set up the login paths in the.mylogin.cnf file, use the followingset commands. Enter each command on a single line, and enter the appropriate passwords when prompted:

$> mysql_config_editor set --login-path=client         --host=localhost --user=localuser --passwordEnter password:enter password "localpass" here$> mysql_config_editor set --login-path=remote         --host=remote.example.com --user=remoteuser --passwordEnter password:enter password "remotepass" here

mysql_config_editor uses theclient login path by default, so the--login-path=client option can be omitted from the first command without changing its effect.

To see whatmysql_config_editor writes to the.mylogin.cnf file, use theprint command:

$> mysql_config_editor print --all[client]user = localuserpassword = *****host = localhost[remote]user = remoteuserpassword = *****host = remote.example.com

Theprint command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path. Password values are masked and do not appear as cleartext.

If you do not specify--all to display all login paths or--login-path=name to display a named login path, theprint command displays theclient login path by default, if there is one.

As shown by the preceding example, the login path file can contain multiple login paths. In this way,mysql_config_editor makes it easy to set up multiple“personalities” for connecting to different MySQL servers, or for connecting to a given server using different accounts. Any of these can be selected by name later using the--login-path option when you invoke a client program. For example, to connect to the remote server, use this command:

mysql --login-path=remote

Here,mysql reads the[client] and[mysql] option groups from other option files, and the[client],[mysql], and[remote] groups from the login path file.

To connect to the local server, use this command:

mysql --login-path=client

Becausemysql reads theclient andmysql login paths by default, the--login-path option does not add anything in this case. That command is equivalent to this one:

mysql

Options read from the login path file take precedence over options read from other option files. Options read from login path groups appearing later in the login path file take precedence over options read from groups appearing earlier in the file.

mysql_config_editor adds login paths to the login path file in the order you create them, so you should create more general login paths first and more specific paths later. If you need to move a login path within the file, you can remove it, then recreate it to add it to the end. For example, aclient login path is more general because it is read by all client programs, whereas amysqldump login path is read only bymysqldump. Options specified later override options specified earlier, so putting the login paths in the orderclient,mysqldump enablesmysqldump-specific options to overrideclient options.

When you use theset command withmysql_config_editor to create a login path, you need not specify all possible option values (host name, user name, password, port, socket). Only those values given are written to the path. Any missing values required later can be specified when you invoke a client path to connect to the MySQL server, either in other option files or on the command line. Any options specified on the command line override those specified in the login path file or other option files. For example, if the credentials in theremote login path also apply for the hostremote2.example.com, connect to the server on that host like this:

mysql --login-path=remote --host=remote2.example.com

mysql_config_editor General Options

mysql_config_editor supports the following general options, which may be used preceding any command named on the command line. For descriptions of command-specific options, seemysql_config_editor Commands and Command-Specific Options.

mysql_config_editor Commands and Command-Specific Options

This section describes the permittedmysql_config_editor commands, and, for each one, the command-specific options permitted following the command name on the command line.

In addition,mysql_config_editor supports general options that can be used preceding any command. For descriptions of these options, seemysql_config_editor General Options.

mysql_config_editor supports these commands: