mysql_config_editor
4.6.6 mysql_config_editor — MySQL Configuration Utility(mysql 配置功能)
The mysql_config_editor utility (available as of MySQL 5.6.6) enables you to store authentication credentials in an encrypted login file named .mylogin.cnf. The file location is the %APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.
mysql_config_editor 这个功能组件是mysql 5.6 后能使用的一个功能,它提供.mylogin.cnf 这个文件存储加密过后的登入认证信息。在windows上这个文件存放在mysql 的安装目录。在其他操作系统这个文件存放在当前用户目录下面。创建完后客户程序能够通过读取此文件获得连接服务其的信息包括密码用户等。
To specify an alternate file name, set the MYSQL_TEST_LOGIN_FILE environment variable. This variable is used by the mysql-test-run.pl testing utility, but also is recognized by mysql_config_editor and by MySQL clients such as mysql, mysqladmin, and so forth.
为了创建这个文件,你需要设置MYSQL_TEST_LOGIN_FILE这个环境变量,mysql-test-run.pl 测试功能,mysql_config_editor ,和mysql 客户段都会使用到这个变量
mysql_config_editor encrypts the .mylogin.cnf file so it cannot be read as clear text, and its contents when decrypted by client programs are used only in memory. In this way, passwords can be stored in a file in non-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable. mysql_config_editor provides a print command that enables the user to display the file contents, but even in this case, password values are masked so as never to appear in a way that other users can see them.
mysql_config_editor 将.mylogin.cf这个文件加密防止他能够直接被读取到,并且文件中的内容只能够在内存中使用。 通过这种方式,密码能够隐式的保存在文件中,这样在命令行使用的时候密码就不需要被暴露,mysql_config_editor 提供了查看。mylogin.conf内容的工具但是即使在查看的时候密码也是不可见的。
The encryption used by mysql_config_editor prevents passwords from appearing in .mylogin.cnf as clear text and provides a measure of security by preventing inadvertent password exposure. For example, if you display a regular unencrypted my.cnf option file on the screen, any passwords it contains are visible for anyone to see. With .mylogin.cnf, that is not true. But the encryption used will not deter a determined attacker and you should not consider it unbreakable. A user who can gain system administration privileges on your machine to access your files could decrypt the .mylogin.cnf file with some effort.
mysql_config_editor 通过加密使得我们能够避免因为疏忽而导致的密码泄漏。例如你查看了my.cnf文件并且输出在屏幕上,所有的密码对于其他人来说都是可见的。但是使用了.mylogin.conf文件就不存在那样的情况。但是这种加密并不能够阻止其他更厉害的攻击行为,你不应把它看作是非常可靠的安全模式。一个获得你操作系统管理员权限的用户很有可能通过其它方式努力将这个文件所解密。
The login file must be readable and writable to the current user, and inaccessible to other users. Otherwise, mysql_config_editor ignores it, and the file is not used by client programs, either. On Windows, this constraint does not apply; instead, the user must have access to the %APPDATA%\MySQL directory.
登入文件必须对只当前用户是可读可写的,否则mysql_config_editor 将忽略它并且客户端程序将不会使用这个文件。另外,在windows操作系统上这个文件的作用是失效的,因为你没有进入%APPDATA%\MySQL 这个目录的权限。
The unencrypted format of the .mylogin.cnf login file consists of option groups, similar to other option files. Each option group in .mylogin.cnf is called a “login path,” which is a group that permits only a limited set of options: host, user, and password. Think of a login path as a set of values that indicate the server host and the credentials for authenticating with the server. Here is an example:
.mylogin.conf 加密文件的格式由选项组,和其他类似的选项组成。在.mylogin.conf文件里每一个选项组都称为"login path" (登入域) 这个域包括了用户名,密码,主机。一个域做为一组构成登入服务器的一组认证值 如下所示:
[myloginpath]
user = myname
password = mypass
host = 127.0.0.1
When you invoke a client program to connect to the server, .mylogin.cnf is used in conjunction with other option files. Its precedence is higher than other option files, but less than options specified explicitly on the client command line.
当你在客户端调用连接到服务器的时候,.mylogin。conf 文件也会和其他选项一并使用。它的优先级要高于其它文件。但是要低于命令行中显式制定的参数。
Invoke mysql_config_editor like this:
shell> mysql_config_editor [program_options] command [command_options]
program_options consists of general mysql_config_editor options. command indicates what command to perform, and command_options indicates any additional options needed by the command.
The command indicates what action to perform on the .mylogin.cnf login file. For example, set writes a login path to the file, remove removes a login path, and print displays login path contents. Any options given provide information to the command, such as the login path name and the values to use in the login path.
The position of the command name within the set of program arguments is significant. For example, these command lines have the same arguments, but produce different results:
mysql_config_editor --help set
mysql_config_editor set --help
The first command line displays general mysql_config_editor help, and ignores the set command. The second command line displays help for the set command.
Suppose that you want to establish two login paths named local and remote for connecting to the local MySQL server and a server on the host remote.example.com. You want to authenticate to the local server with a user name and password of localuser and localpass, and to the remote server with a user name and password of remoteuser and remotepass. To set up the login paths in the .mylogin.cnf file, use the following set commands. Enter each command on a single line, then enter the appropriate password when prompted.
假设你想设置两个连接域一个用于连接本地服务器一个用于连接远程服务器。你可以通过下面的方式创建域。
shell> mysql_config_editor set --login-path=local
--host=localhost --user=localuser --password
Enter password: enter password "localpass" here
shell> mysql_config_editor set --login-path=remote
--host=remote.example.com --user=remoteuser --password
Enter password: enter password "remotepass" here
To see what mysql_config_editor wrote to the .mylogin.cnf file, use the print command:
shell> mysql_config_editor print --all
[local]
user = localuser
password = *****
host = localhost
[remote]
user = remoteuser
password = *****
host = remote.example.com
The print command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path. Password values are masked and do not appear as clear text.
print 命令展示了登入域中的各项信息,但是密码是不会显示的。
As shown by the preceding examples, the .mylogin.cnf file can contain multiple login paths. In this way, mysql_config_editor makes it easy to set up multiple “personalities” for connecting to different MySQL servers. Any of these can be selected by name later using the --login-path option when you invoke a client program. For example, to connect to the local server, use this command:
在前面的例子中.mylogin.conf 包含了多种登入域,在这种情况下mysql_config_editor能够通过-login-path制定不同的参数很轻松的登入到服务器中例如:
shell> mysql --login-path=local
To connect to the remote server, use this command:
shell> mysql --login-path=remote
When you use the set command with mysql_config_editor to create a login path, you need not specify all three possible option values (host name, user name, and password). Only those values given are written to the path. Any missing values required later can be specified when you invoke a client path to connect to the MySQL server, either in other option files or on the command line. Also, any options specified on the command line override those in option files, including the .mylogin.cnf file. For example, if the credentials in the remote login path also apply for the host remote2.example.com, you can connect to the server on that host like this:
当你通过mysql_config_editor设定了登入域的时候你不需要再设置他的内容,但是当你的域中缺少内容的时候你是可以通过命令行指定的。
shell> mysql --login-path=remote --host=remote2.example.com
The .mylogin.cnf file, if it exists, is read in all cases, even when the --no-defaults option is used. This permits passwords to be specified in a safer way than on the command line even if --no-defaults is present.
mysql_config_editor Commands
This section describes the permitted mysql_config_editor commands, and the interpretation of options that have a command-specific meaning. In addition, mysql_config_editor takes other options that can be used with any command, such as --verbose to produce more information as mysql_config_editor executes. This option may be helpful in diagnosing problems if an operation does not have the effect you expect. For a list of supported options, see mysql_config_editor Options.
The mysql_config_editor utility (available as of MySQL 5.6.6) enables you to store authentication credentials in an encrypted login file named .mylogin.cnf. The file location is the %APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.
mysql_config_editor 这个功能组件是mysql 5.6 后能使用的一个功能,它提供.mylogin.cnf 这个文件存储加密过后的登入认证信息。在windows上这个文件存放在mysql 的安装目录。在其他操作系统这个文件存放在当前用户目录下面。创建完后客户程序能够通过读取此文件获得连接服务其的信息包括密码用户等。
To specify an alternate file name, set the MYSQL_TEST_LOGIN_FILE environment variable. This variable is used by the mysql-test-run.pl testing utility, but also is recognized by mysql_config_editor and by MySQL clients such as mysql, mysqladmin, and so forth.
为了创建这个文件,你需要设置MYSQL_TEST_LOGIN_FILE这个环境变量,mysql-test-run.pl 测试功能,mysql_config_editor ,和mysql 客户段都会使用到这个变量
mysql_config_editor encrypts the .mylogin.cnf file so it cannot be read as clear text, and its contents when decrypted by client programs are used only in memory. In this way, passwords can be stored in a file in non-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable. mysql_config_editor provides a print command that enables the user to display the file contents, but even in this case, password values are masked so as never to appear in a way that other users can see them.
mysql_config_editor 将.mylogin.cf这个文件加密防止他能够直接被读取到,并且文件中的内容只能够在内存中使用。 通过这种方式,密码能够隐式的保存在文件中,这样在命令行使用的时候密码就不需要被暴露,mysql_config_editor 提供了查看。mylogin.conf内容的工具但是即使在查看的时候密码也是不可见的。
The encryption used by mysql_config_editor prevents passwords from appearing in .mylogin.cnf as clear text and provides a measure of security by preventing inadvertent password exposure. For example, if you display a regular unencrypted my.cnf option file on the screen, any passwords it contains are visible for anyone to see. With .mylogin.cnf, that is not true. But the encryption used will not deter a determined attacker and you should not consider it unbreakable. A user who can gain system administration privileges on your machine to access your files could decrypt the .mylogin.cnf file with some effort.
mysql_config_editor 通过加密使得我们能够避免因为疏忽而导致的密码泄漏。例如你查看了my.cnf文件并且输出在屏幕上,所有的密码对于其他人来说都是可见的。但是使用了.mylogin.conf文件就不存在那样的情况。但是这种加密并不能够阻止其他更厉害的攻击行为,你不应把它看作是非常可靠的安全模式。一个获得你操作系统管理员权限的用户很有可能通过其它方式努力将这个文件所解密。
The login file must be readable and writable to the current user, and inaccessible to other users. Otherwise, mysql_config_editor ignores it, and the file is not used by client programs, either. On Windows, this constraint does not apply; instead, the user must have access to the %APPDATA%\MySQL directory.
登入文件必须对只当前用户是可读可写的,否则mysql_config_editor 将忽略它并且客户端程序将不会使用这个文件。另外,在windows操作系统上这个文件的作用是失效的,因为你没有进入%APPDATA%\MySQL 这个目录的权限。
The unencrypted format of the .mylogin.cnf login file consists of option groups, similar to other option files. Each option group in .mylogin.cnf is called a “login path,” which is a group that permits only a limited set of options: host, user, and password. Think of a login path as a set of values that indicate the server host and the credentials for authenticating with the server. Here is an example:
.mylogin.conf 加密文件的格式由选项组,和其他类似的选项组成。在.mylogin.conf文件里每一个选项组都称为"login path" (登入域) 这个域包括了用户名,密码,主机。一个域做为一组构成登入服务器的一组认证值 如下所示:
[myloginpath]
user = myname
password = mypass
host = 127.0.0.1
When you invoke a client program to connect to the server, .mylogin.cnf is used in conjunction with other option files. Its precedence is higher than other option files, but less than options specified explicitly on the client command line.
当你在客户端调用连接到服务器的时候,.mylogin。conf 文件也会和其他选项一并使用。它的优先级要高于其它文件。但是要低于命令行中显式制定的参数。
Invoke mysql_config_editor like this:
shell> mysql_config_editor [program_options] command [command_options]
program_options consists of general mysql_config_editor options. command indicates what command to perform, and command_options indicates any additional options needed by the command.
The command indicates what action to perform on the .mylogin.cnf login file. For example, set writes a login path to the file, remove removes a login path, and print displays login path contents. Any options given provide information to the command, such as the login path name and the values to use in the login path.
The position of the command name within the set of program arguments is significant. For example, these command lines have the same arguments, but produce different results:
mysql_config_editor --help set
mysql_config_editor set --help
The first command line displays general mysql_config_editor help, and ignores the set command. The second command line displays help for the set command.
Suppose that you want to establish two login paths named local and remote for connecting to the local MySQL server and a server on the host remote.example.com. You want to authenticate to the local server with a user name and password of localuser and localpass, and to the remote server with a user name and password of remoteuser and remotepass. To set up the login paths in the .mylogin.cnf file, use the following set commands. Enter each command on a single line, then enter the appropriate password when prompted.
假设你想设置两个连接域一个用于连接本地服务器一个用于连接远程服务器。你可以通过下面的方式创建域。
shell> mysql_config_editor set --login-path=local
--host=localhost --user=localuser --password
Enter password: enter password "localpass" here
shell> mysql_config_editor set --login-path=remote
--host=remote.example.com --user=remoteuser --password
Enter password: enter password "remotepass" here
To see what mysql_config_editor wrote to the .mylogin.cnf file, use the print command:
shell> mysql_config_editor print --all
[local]
user = localuser
password = *****
host = localhost
[remote]
user = remoteuser
password = *****
host = remote.example.com
The print command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path. Password values are masked and do not appear as clear text.
print 命令展示了登入域中的各项信息,但是密码是不会显示的。
As shown by the preceding examples, the .mylogin.cnf file can contain multiple login paths. In this way, mysql_config_editor makes it easy to set up multiple “personalities” for connecting to different MySQL servers. Any of these can be selected by name later using the --login-path option when you invoke a client program. For example, to connect to the local server, use this command:
在前面的例子中.mylogin.conf 包含了多种登入域,在这种情况下mysql_config_editor能够通过-login-path制定不同的参数很轻松的登入到服务器中例如:
shell> mysql --login-path=local
To connect to the remote server, use this command:
shell> mysql --login-path=remote
When you use the set command with mysql_config_editor to create a login path, you need not specify all three possible option values (host name, user name, and password). Only those values given are written to the path. Any missing values required later can be specified when you invoke a client path to connect to the MySQL server, either in other option files or on the command line. Also, any options specified on the command line override those in option files, including the .mylogin.cnf file. For example, if the credentials in the remote login path also apply for the host remote2.example.com, you can connect to the server on that host like this:
当你通过mysql_config_editor设定了登入域的时候你不需要再设置他的内容,但是当你的域中缺少内容的时候你是可以通过命令行指定的。
shell> mysql --login-path=remote --host=remote2.example.com
The .mylogin.cnf file, if it exists, is read in all cases, even when the --no-defaults option is used. This permits passwords to be specified in a safer way than on the command line even if --no-defaults is present.
mysql_config_editor Commands
This section describes the permitted mysql_config_editor commands, and the interpretation of options that have a command-specific meaning. In addition, mysql_config_editor takes other options that can be used with any command, such as --verbose to produce more information as mysql_config_editor executes. This option may be helpful in diagnosing problems if an operation does not have the effect you expect. For a list of supported options, see mysql_config_editor Options.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/26764973/viewspace-1480858/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/26764973/viewspace-1480858/