The mysql_config_editor utility enables you to store authentication credentials in an obfuscated login path file named mysql_config_editor实用程序使您能够将身份验证凭据存储在名为.mylogin.cnf. .mylogin.cnf的混淆登录路径文件中。The file location is the 文件位置在Windows上为%APPDATA%\MySQL directory on Windows and the current user's home directory on non-Windows systems. %APPDATA%\MySQL目录,在非Windows系统上为当前用户的主目录。The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server.MySQL客户端程序稍后可以读取该文件,以获取连接到MySQL服务器的身份验证凭据。
The unobfuscated format of the .mylogin.cnf login path file consists of option groups, similar to other option files. .mylogin.cnf登录路径文件的不复杂格式由选项组组成,类似于其他选项文件。Each option group in .mylogin.cnf is called a “login path,” which is a group that permits only certain options: host, user, password, port and socket. .mylogin.cnf中的每个选项组都称为“登录路径”,这是一个只允许某些选项的组:host、user、password、port和socket。Think of a login path option group as a set of options that specify which MySQL server to connect to and which account to authenticate as. Here is an unobfuscated example:将登录路径选项组视为一组选项,指定要连接到哪个MySQL服务器以及要作为哪个帐户进行身份验证。以下是一个不复杂的示例:
[client] user = mydefaultname password = mydefaultpass host = 127.0.0.1 [mypath] user = myothername password = myotherpass host = localhost
When you invoke a client program to connect to the server, the client uses 当您调用客户端程序连接到服务器时,客户端将.mylogin.cnf in conjunction with other option files. Its precedence is higher than other option files, but less than options specified explicitly on the client command line. .mylogin.cnf与其他选项文件结合使用。它的优先级高于其他选项文件,但低于在客户端命令行上明确指定的选项。For information about the order in which option files are used, see Section 4.2.2.2, “Using Option Files”.有关选项文件使用顺序的信息,请参阅第4.2.2.2节,“使用选项文件”。
To specify an alternate login path file name, set the 要指定备用登录路径文件名,请设置MYSQL_TEST_LOGIN_FILE environment variable. MYSQL_TEST_LOGIN_FILE环境变量。This variable is recognized by mysql_config_editor, by standard MySQL clients (mysql, mysqladmin, and so forth), and by the mysql-test-run.pl testing utility.此变量由mysql_config_editor、标准mysql客户端(mysql、mysqladmin等)和mysql-test-run.pl测试实用程序识别。
Programs use groups in the login path file as follows:程序在登录路径文件中使用组,如下所示:
mysql_config_editor operates on the 如果您指定非client login path by default if you specify no --login-path= option to indicate explicitly which login path to use.name--login-path=name选项来明确指示要使用哪个登录路径,则mysql_config_editor默认对client登录路径进行操作。
Without a 如果没有--login-path option, client programs read the same option groups from the login path file that they read from other option files. Consider this command:--login-path选项,客户端程序从登录路径文件读取的选项组与从其他选项文件读取的相同。考虑以下命令:
mysql
By default, the mysql client reads the 默认情况下,mysql客户端从其他选项文件中读取[client] and [mysql] groups from other option files, so it reads them from the login path file as well.[client]和[mysql]组,因此它也从登录路径文件中读取它们。
With a 使用--login-path option, client programs additionally read the named login path from the login path file. --login-path选项,客户端程序还可以从登录路径文件中读取指定的登录路径。The option groups read from other option files remain the same. Consider this command:从其他选项文件读取的选项组保持不变。考虑以下命令:
mysql --login-path=mypath
The mysql client reads mysql客户端从其他选项文件中读取[client] and [mysql] from other option files, and [client], [mysql], and [mypath] from the login path file.[client]和[mysql],从登录路径文件中读取[client]、[mysql]和[mypath]。
Client programs read the login path file even when the 即使使用了--no defaults选项,客户端程序也会读取登录路径文件。--no-defaults option is used. This permits passwords to be specified in a safer way than on the command line even if 这允许以比命令行更安全的方式指定密码,即使存在--no-defaults is present.--no-defaults。
mysql_config_editor obfuscates the mysql_config_editor会混淆.mylogin.cnf file so it cannot be read as cleartext, and its contents when unobfuscated by client programs are used only in memory. .mylogin.cnf文件,使其无法作为明文读取,并且当客户端程序未混淆时,其内容仅在内存中使用。In this way, passwords can be stored in a file in non-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable. 通过这种方式,密码可以以非明文格式存储在文件中,并在以后使用,而无需在命令行或环境变量中公开。mysql_config_editor provides a mysql_config_editor提供了一个打印命令来显示登录路径文件内容,但即使在这种情况下,密码值也会被屏蔽,这样其他用户就不会看到它们。print command for displaying the login path file contents, but even in this case, password values are masked so as never to appear in a way that other users can see them.
The obfuscation used by mysql_config_editor prevents passwords from appearing in mysql_config_editor使用的混淆防止密码以明文形式出现在.mylogin.cnf as cleartext and provides a measure of security by preventing inadvertent password exposure. .mylogin.cnf中,并通过防止无意中暴露密码来提供安全措施。For example, if you display a regular unobfuscated 例如,如果您在屏幕上显示一个常规的未混淆的my.cnf option file on the screen, any passwords it contains are visible for anyone to see. my.cnf选项文件,则任何人都可以看到它包含的任何密码。With 对于.mylogin.cnf, that is not true, but the obfuscation used is not likely to deter a determined attacker and you should not consider it unbreakable. .mylogin.cnf,这不是真的,但使用的混淆不太可能阻止一个坚定的攻击者,你不应该认为它牢不可破。A user who can gain system administration privileges on your machine to access your files could unobfuscate the 可以在您的计算机上获得系统管理权限以访问您的文件的用户可以通过一些努力来消除.mylogin.cnf file with some effort..mylogin.cnf文件的混淆。
The login path file must be readable and writable to the current user, and inaccessible to other users. 登录路径文件必须对当前用户可读写,其他用户无法访问。Otherwise, mysql_config_editor ignores it, and client programs do not use it, either.否则,mysql_config_editor会忽略它,客户端程序也不会使用它。
Invoke mysql_config_editor like this:调用mysql_config_editor,如下所示:
mysql_config_editor [program_options]command[command_options]
If the login path file does not exist, mysql_config_editor creates it.如果登录路径文件不存在,mysql_config_editor会创建它。
Command arguments are given as follows:命令参数如下:
program_options consists of general mysql_config_editor options.program_options由mysql_config_editor的常规选项组成。
command indicates what action to perform on the .mylogin.cnf login path file. command指示对.mylogin.cnf登录路径文件执行什么操作。For example, 例如,set writes a login path to the file, remove removes a login path, and print displays login path contents.set将登录路径写入文件,remove删除登录路径,print显示登录路径内容。
command_options indicates any additional options specific to the command, such as the login path name and the values to use in the login path.command_options表示特定于该命令的任何其他选项,例如登录路径名和要在登录路径中使用的值。
The position of the command name within the set of program arguments is significant. For example, these command lines have the same arguments, but produce different results:命令名在程序参数集中的位置很重要。例如,这些命令行具有相同的参数,但产生不同的结果:
mysql_config_editor --help set mysql_config_editor set --help
The first command line displays a general mysql_config_editor help message, and ignores the 第一个命令行显示一条通用的mysql_config_editor帮助消息,并忽略set command. The second command line displays a help message specific to the set command.set命令。第二个命令行显示特定于set命令的帮助消息。
Suppose that you want to establish a 假设您想建立一个定义默认连接参数的client login path that defines your default connection parameters, and an additional login path named remote for connecting to the MySQL server the host remote.example.com. You want to log in as follows:client登录路径,以及一个名为remote的附加登录路径,用于连接到MySQL服务器主机remote.example.com。您要按如下方式登录:
By default, to the local server with a user name and password of 默认情况下,使用用户名和密码localuser and localpasslocaluser和localpass连接到本地服务器
To the remote server with a user name and password of 使用remoteuser and remotepassremoteuser和remotepass的用户名和密码连接到远程服务器
To set up the login paths in the 要在.mylogin.cnf file, use the following set commands. Enter each command on a single line, and enter the appropriate passwords when prompted:.mylogin.cnf文件中设置登录路径,请使用以下set命令。在一行中输入每个命令,并在提示时输入相应的密码:
shell>mysql_config_editor set --login-path=client --host=localhost --user=localuser --passwordEnter password:enter password "localpass" hereshell>mysql_config_editor set --login-path=remote --host=remote.example.com --user=remoteuser --passwordEnter password:enter password "remotepass" here
mysql_config_editor uses the mysql_config_editor默认使用客户端登录路径,因此可以在不改变其效果的情况下从第一个命令中省略client login path by default, so the --login-path=client option can be omitted from the first command without changing its effect.--login-path=client选项。
To see what mysql_config_editor writes to the 要查看mysql_config_editor写入.mylogin.cnf file, use the print command:.mylogin.cnf文件的内容,请使用print命令:
shell> mysql_config_editor print --all
[client]
user = localuser
password = *****
host = localhost
[remote]
user = remoteuser
password = *****
host = remote.example.com
The print command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path. Password values are masked and do not appear as cleartext.print命令将每个登录路径显示为一组行,以方括号中指示登录路径名称的组标题开头,后跟登录路径的选项值。密码值被屏蔽,不会以明文形式显示。
If you do not specify 如果不指定--all to display all login paths or --login-path= to display a named login path, the nameprint command displays the client login path by default, if there is one.--all显示所有登录路径或--login-path=name显示命名登录路径,则print命令默认显示客户端登录路径(如果有的话)。
As shown by the preceding example, the login path file can contain multiple login paths. 如上例所示,登录路径文件可以包含多个登录路径。In this way, mysql_config_editor makes it easy to set up multiple “personalities” for connecting to different MySQL servers, or for connecting to a given server using different accounts. 通过这种方式,mysql_config_editor可以轻松设置多个“个性”,以连接到不同的mysql服务器,或使用不同的帐户连接到给定的服务器。Any of these can be selected by name later using the 稍后调用客户端程序时,可以使用--login-path option when you invoke a client program. For example, to connect to the remote server, use this command:--login-path选项按名称选择其中任何一个。例如,要连接到远程服务器,请使用以下命令:
mysql --login-path=remote
Here, mysql reads the 在这里,mysql从其他选项文件中读取[client] and [mysql] option groups from other option files, and the [client], [mysql], and [remote] groups from the login path file.[client]和[mysql]选项组,从登录路径文件中读取[client]、[mysql]和[remote]组。
To connect to the local server, use this command:要连接到本地服务器,请使用以下命令:
mysql --login-path=client
Because mysql reads the 因为mysql默认读取client and mysql login paths by default, the --login-path option does not add anything in this case. That command is equivalent to this one:client和mysql登录路径,所以--login-path选项在这种情况下不会添加任何内容。该命令与以下命令等效:
mysql
Options read from the login path file take precedence over options read from other option files. Options read from login path groups appearing later in the login path file take precedence over options read from groups appearing earlier in the file.从登录路径文件中读取的选项优先于从其他选项文件读取的选项。从登录路径文件中稍后出现的登录路径组中读取的选项优先于从文件中较早出现的组读取的选项。
mysql_config_editor adds login paths to the login path file in the order you create them, so you should create more general login paths first and more specific paths later. If you need to move a login path within the file, you can remove it, then recreate it to add it to the end. mysql_config_editor按照创建登录路径的顺序将登录路径添加到登录路径文件中,因此您应该先创建更通用的登录路径,然后再创建更具体的路径。如果需要在文件中移动登录路径,可以将其删除,然后重新创建以将其添加到末尾。For example, a 例如,客户端登录路径更通用,因为它被所有客户端程序读取,而mysqldump登录路径仅由mysqldump读取。client login path is more general because it is read by all client programs, whereas a mysqldump login path is read only by mysqldump. Options specified later override options specified earlier, so putting the login paths in the order 稍后指定的选项会覆盖之前指定的选项,因此将登录路径按client, mysqldump enables mysqldump-specific options to override client options.client顺序排列,mysqldump启用mysqldump特定的选项来覆盖客户端选项。
When you use the 当您使用mysql_config_editor的set command with mysql_config_editor to create a login path, you need not specify all possible option values (host name, user name, password, port, socket). Only those values given are written to the path. set命令创建登录路径时,您不需要指定所有可能的选项值(主机名、用户名、密码、端口、套接字)。只有给定的值才会写入路径。Any missing values required later can be specified when you invoke a client path to connect to the MySQL server, either in other option files or on the command line. 当您调用客户端路径连接到MySQL服务器时,可以在其他选项文件或命令行中指定稍后需要的任何缺失值。Any options specified on the command line override those specified in the login path file or other option files. 命令行上指定的任何选项都会覆盖登录路径文件或其他选项文件中指定的选项。For example, if the credentials in the 例如,如果remote login path also apply for the host remote2.example.com, connect to the server on that host like this:remote登录路径中的凭据也适用于主机remote2.example.com,请按如下方式连接到该主机上的服务器:
mysql --login-path=remote --host=remote2.example.com
mysql_config_editor supports the following general options, which may be used preceding any command named on the command line. mysql_config_editor支持以下常规选项,这些选项可以在命令行上命名的任何命令之前使用。For descriptions of command-specific options, see mysql_config_editor Commands and Command-Specific Options.有关命令特定选项的描述,请参阅mysql_config_editor命令和命令特定选项。
Table 4.20 mysql_config_editor General Options常规选项
--help, -?
Display a general help message and exit.显示一般帮助消息并退出。
To see a command-specific help message, invoke mysql_config_editor as follows, where 要查看特定于命令的帮助消息,请按如下方式调用mysql_config_editor,其中command is a command other than help:command是help以外的命令:
mysql_config_editor command --help --debug[=, debug_options]-# debug_options
Write a debugging log. A typical 编写调试日志。典型的debug_options string is d:t:o,. The default is file_named:t:o,/tmp/mysql_config_editor.trace.debug_options字符串是d:t:o,file_name。默认值为d:t:o,/tmp/mysql_config_editor.trace。
This option is available only if MySQL was built using 仅当MySQL使用WITH_DEBUG. MySQL release binaries provided by Oracle are not built using this option.WITH_DEBUG构建时,此选项才可用。Oracle提供的MySQL发布二进制文件不是使用此选项构建的。
--verbose, -v
Verbose mode. Print more information about what the program does. This option may be helpful in diagnosing problems if an operation does not have the effect you expect.详细模式。打印有关程序功能的更多信息。如果操作没有达到预期的效果,此选项可能有助于诊断问题。
--version, -V
Display version information and exit.显示版本信息并退出。
This section describes the permitted mysql_config_editor commands, and, for each one, the command-specific options permitted following the command name on the command line.本节介绍允许的mysql_config_editor命令,以及对于每个命令,在命令行上命令名后允许的命令特定选项。
In addition, mysql_config_editor supports general options that can be used preceding any command. 此外,mysql_config_editor支持在任何命令之前使用的常规选项。For descriptions of these options, see mysql_config_editor General Options.有关这些选项的说明,请参阅mysql_config_editor常规选项。
mysql_config_editor supports these commands:mysql_config_editor支持以下命令:
help
Display a general help message and exit. This command takes no following options.显示一般帮助消息并退出。此命令不接受以下选项。
To see a command-specific help message, invoke mysql_config_editor as follows, where 要查看特定于命令的帮助消息,请按如下方式调用mysql_config_editor,其中command is a command other than help:command是help以外的命令:
mysql_config_editor command --helpprint [options]
Print the contents of the login path file in unobfuscated form, with the exception that passwords are displayed as 以不显眼的形式打印登录路径文件的内容,但密码显示为*****.*****的情况除外。
The default login path name is 如果没有命名登录路径,则默认登录路径名为client if no login path is named. If both --all and --login-path are given, --all takes precedence.client。如果同时给出--all和--login路径,则--all优先。
The print command permits these options following the command name:print命令允许在命令名称后使用以下选项:
--help, -?
Display a help message for the 显示print command and exit.print命令的帮助消息并退出。
To see a general help message, use mysql_config_editor --help.要查看常规帮助消息,请使用mysql_config_editor --help。
--all
Print the contents of all login paths in the login path file.打印登录路径文件中所有登录路径的内容。
--login-path=, name-G name
Print the contents of the named login path.打印指定登录路径的内容。
remove [options]
Remove a login path from the login path file, or modify a login path by removing options from it.从登录路径文件中删除登录路径,或通过删除其中的选项来修改登录路径。
This command removes from the login path only such options as are specified with the 此命令仅从登录路径中删除使用--host, --password, --port, --socket, and --user options. --host、--password、--port、--socket和--user选项指定的选项。If none of those options are given, 如果没有给出这些选项,则remove removes the entire login path. For example, this command removes only the user option from the mypath login path rather than the entire mypath login path:remove会删除整个登录路径。例如,此命令仅从mypath登录路径中删除user选项,而不是整个mypath登录道路:
mysql_config_editor remove --login-path=mypath --user
This command removes the entire 此命令删除整个mypath login path:mypath登录路径:
mysql_config_editor remove --login-path=mypath
The remove command permits these options following the command name:remove命令允许在命令名称后使用以下选项:
--help, -?
Display a help message for the 显示remove command and exit.remove命令的帮助消息并退出。
To see a general help message, use mysql_config_editor --help.要查看常规帮助消息,请使用mysql_config_editor --help。
--host, -h
Remove the host name from the login path.从登录路径中删除主机名。
--login-path=, name-G name
The login path to remove or modify. The default login path name is 要删除或修改的登录路径。如果未给出此选项,默认登录路径名为client if this option is not given.client。
--password, -p
Remove the password from the login path.从登录路径中删除密码。
--port, -P
Remove the TCP/IP port number from the login path.从登录路径中删除TCP/IP端口号。
--socket, -S
Remove the Unix socket file name from the login path.从登录路径中删除Unix套接字文件名。
--user, -u
Remove the user name from the login path.从登录路径中删除用户名。
--warn, -w
Warn and prompt the user for confirmation if the command attempts to remove the default login path (如果命令试图删除默认登录路径(client) and --login-path=client was not specified. client)并且未指定--login-path=client,则警告并提示用户确认。This option is enabled by default; use 默认情况下启用此选项;使用--skip-warn to disable it.--skip-warn禁用它。
reset [options]
Empty the contents of the login path file.清空登录路径文件的内容。
The reset command permits these options following the command name:reset命令允许在命令名称后使用以下选项:
--help, -?
Display a help message for the 显示reset command and exit.reset命令的帮助消息并退出。
To see a general help message, use mysql_config_editor --help.要查看常规帮助消息,请使用mysql_config_editor --help。
set [options]
Write a login path to the login path file.将登录路径写入登录路径文件。
This command writes to the login path only such options as are specified with the 此命令仅将使用--host, --password, --port, --socket, and --user options. --host、--password、--port、--socket和--user选项指定的选项写入登录路径。If none of those options are given, mysql_config_editor writes the login path as an empty group.如果没有给出这些选项,mysql_config_editor会将登录路径作为空组写入。
The set command permits these options following the command name:set命令允许在命令名称后使用以下选项:
--help, -?
Display a help message for the 显示set command and exit.set命令的帮助消息并退出。
To see a general help message, use mysql_config_editor --help.要查看常规帮助消息,请使用mysql_config_editor --help。
--host=, host_name-h host_name
The host name to write to the login path.要写入登录路径的主机名。
--login-path=, name-G name
The login path to create. The default login path name is 要创建的登录路径。如果未给出此选项,默认登录路径名为client if this option is not given.client。
--password, -p
Prompt for a password to write to the login path. After mysql_config_editor displays the prompt, type the password and press Enter. 提示输入密码以写入登录路径。mysql_config_editor显示提示后,键入密码并按Enter键。To prevent other users from seeing the password, mysql_config_editor does not echo it.为了防止其他用户看到密码,mysql_config_editor不会回显它。
To specify an empty password, press Enter at the password prompt. The resulting login path written to the login path file includes a line like this:要指定空密码,请在密码提示下按Enter键。写入登录路径文件的结果登录路径包括如下行:
password =
--port=, port_num-P port_num
The TCP/IP port number to write to the login path.要写入登录路径的TCP/IP端口号。
--socket=, file_name-S file_name
The Unix socket file name to write to the login path.要写入登录路径的Unix套接字文件名。
--user=, user_name-u user_name
The user name to write to the login path.要写入登录路径的用户名。
--warn, -w
Warn and prompt the user for confirmation if the command attempts to overwrite an existing login path. This option is enabled by default; use 如果该命令试图覆盖现有登录路径,则警告并提示用户进行确认。默认情况下启用此选项;使用--skip-warn to disable it.--skip-warn禁用它。