0

I have written a CGI script using bash which executes a MySQL query . Since my purpose is to automate a task , I had to put MySQL credentials in the script only with the password being in plain text . The issue for me is the server in question which will execute the script is a production server with outside access . I am looking for a solution where the automation remains but without supplying the password in plain text .

PS: One solution for me is to enforce strict permissions by removing all permission for others,groups with rwx for root and ownership changed to root. But since this is a CGI script, I cannot remove read and execute permission for others.

The code is as follows

#!/bin/bash

echo "Content-type: text/html"
echo ""

echo "<html>"
echo "<body>"

mysql -h $host -u root -ptest -e "select User,marks,percent from $db;" | sed  's/\t/,/g' > /tmp/out.csv `

gnuplot gnudg.sh

echo "<img src="http://172.16.0.19/report/histreport.png" alt="DG-Reports">"

echo "</body>"
echo "</html>" `

Script permission: 

ls -l /var/www/cgi-bin/ssdg/ssdgplot.sh

-rwxr-xr-x 1 root root 1589 Apr 22 12:41 /var/www/cgi-bin/ssdg/ssdgplot.sh

Improve this question
2
  • Two questions: do everyone who "executes" this script is safe to know the password ? or not ? and the person with whome you want to hide password logs in as root? Commented Apr 22, 2014 at 10:17
  • The script is a CGI program and is executed whenever the weblink pointing to the script is clicked . The weblink is accessible on Internet. Also except root other users are not trusted to know the password. – Commented Apr 23, 2014 at 6:09

1 Answer 1

Reset to default
1

For mysql you can use option file read from reference1, reference2 You can set values like username and password

[db-details]
user=username
password=password

and read this file for logging in to db in script. and to avoid anyone else read it except root, just the permissions as

chmod 600 option_file
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks. Implementation details is also available here linuxjournal.com/node/1001956

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.