Protecting shell scripts

In every DBA class I teach, I always get the same question: How do I hide the passwords I put in my scripts? And most of the time, it’s related to automating backups using mysqldump. There are a few ways to do this. The easiest is to use SHC.

SHC was created by Francisco Javier Rosales García from the Facultad de Informática at the Universidad Politécnica de Madrid. The purpose of SHC is:

– To protect shell scripts
– To encrypt shell scripts
– To hide important passwords passed via the command line for task automation
– To prevent some clueless person from modifying a functional script and turning it into something that could cost you your job

Basically, bringing it to our “database people” side of things: imagine that you need to leave a backup script in crontab using mysqldump. How do you hide the password? Anyone can edit your backup script, see the password (which is the least of your problems), and even change the script.

To avoid that, you can use SHC to “compile” your script and turn it into an indecipherable executable. What SHC actually does is convert your shell script into C source code and then compile that C code to generate an executable — a binary.

First of all, obviously, it’s recommended that you keep a backup of your original script, because the process is irreversible. If you lose your script and need to change it in the future, you won’t be able to rely on the binary generated by SHC.

To run SHC, you need to have gcc and libc6-dev installed.

Installing SHC

[root@teste_server local]# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.6.tgz
[root@teste_server local]# tar -xzf shc-3.8.6.tgz
[root@teste_server local]# cd shc-3.8.6
[root@teste_server local]# sudo make install

Create a database and user for testing on your MySQL server

mysql> create database teste;
mysql> grant all on teste.* to teste@localhost identified by '123';

Now, create a backup script using your preferred editor

[root@teste_server local]# vi meu_script_de_backup

Insert the following content:

#!/bin/bash
mysqldump -uteste -p123 teste > bkp.sql

Compiling the script

[root@teste_server local]# shc -r -v -T -f meu_script_de_backup

Note that two files are created in your directory: meu_script_de_backup.x and meu_script_de_backup.x.c. The first is the executable binary you can use freely without worry! The second is the C source code generated by the program, which can be discarded.
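
The article mentions that there are a few ways to keep the password out of a backup script. One that also keeps it off the mysqldump command line (the compiled script above still runs mysqldump with -p123 as an argument) is a MySQL option file readable only by its owner. The following is an added example, not the author's code and not part of SHC; the file path and the function names are assumptions, and it expects GNU stat.

```shell
#!/bin/bash
# Added example, not from the original article. Assumed names: CRED_FILE,
# write_cred_file, check_cred_file, run_backup. Assumes GNU stat (Linux).

CRED_FILE="${CRED_FILE:-$HOME/.backup_teste.cnf}"

# Create the option file with owner-only permissions. The password is read
# from stdin so it never appears in argv or in the script itself.
# (Assumption: the password contains no double quote or backslash.)
write_cred_file() {
    local file="$1" user="$2" pass
    IFS= read -r pass || [ -n "$pass" ] || return 1
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$pass" > "$file" ) || return 1
    chmod 600 "$file"   # also tightens a file that already existed
}

# Refuse an option file that is missing, owned by someone else, or readable
# by group/others.
check_cred_file() {
    local file="$1" mode owner
    [ -f "$file" ] || { echo "missing option file: $file" >&2; return 2; }
    mode=$(stat -c '%a' "$file") || return 2
    owner=$(stat -c '%u' "$file") || return 2
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $file: not owned by the current user" >&2
        return 1
    fi
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing $file: mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
}

# Dump one database. --defaults-extra-file must be the first option.
run_backup() {
    local file="$1" db="$2" out="$3"
    check_cred_file "$file" || return $?
    ( umask 077
      mysqldump --defaults-extra-file="$file" "$db" > "$out" )
}

# One-time setup:  write_cred_file "$CRED_FILE" teste   (then type the password)
# From cron:       run_backup "$CRED_FILE" teste bkp.sql
```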
