Securely specify mysql credentials in automated scripts

Often, you may want to run a script that uses a username and password to access data in a MySQL database. Securely running a script like this manually is easy – simply use the ‘-p’ option for the MySQL client, and it will prompt you for the password. However, this is not an option if you want to automate the script.

There are several ways to provide the password in a way that can be used with automated scripts, but only one that is both flexible and secure. You can specify the password on the command line itself (with ‘mysql -p ‘); however, this allows the password be seen by other users who run commands like ‘ps’. Another option is setting the environment variable “MYSQL_PWD” to the password, but this can also be seen by other users. Continue reading “Securely specify mysql credentials in automated scripts”

OpenSSH SOCKS proxy support

Often, when you’re administering or developing on servers remotely, you may need to access resources that are not available to the public. There are several different ways that you can gain access to protected services from a remote location, including a VPN, port forwarding over SSH, and stunnel.

However, one method that is not as well known is OpenSSH’s SOCKS proxy option. Introduced in OpenSSH 3.7, SOCKS support allows you to easily tunnel traffic from any application that has support for a SOCKS4 or SOCKS5 proxy through your SSH connection. To do this, you simply need to add ‘-D <port>’ to your ssh connection string, where <port> is the port you would like your proxy to run on. Then, configure your application to use a proxy at localhost:<port>, and all of the traffic from that application will be tunneled through your SSH connection.

In addition to accessing protected resources, you can also use this for more everyday tasks – such as encrypting traffic sent over a public wireless connection.