[FR] Ability to provide different DB credentials for running backups #15218
Unanswered
rob-baker-ar
asked this question in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Since this #14897 allows for modification of the backup command via a
\Closure
, it would be helpful, in order to work around this #12557, to have the ability to provide different user credentials for the database that has the extra permissions required for, in our case, adding the--single-transaction
argument to themysqldump
command.This would allow single transaction db backups on MySQL installs at
v8.0.32
or above, while not adding a potentially dangerous permission (either theRELOAD
orFLUSH_TABLES
privilege that is now required for the--single-transaction
command argument) to the core database user that is used in on the front-end and throughout the CMS.Currently, the backup system writes out a temporary MySQL configuration that contains the db username / password, which makes it non-trivial to change the credentials the command uses.
It is theoretically possible to provide credentials via the command arguments, but convention suggests this is not ideal as the password could appear in plain text in log files / shell histories etc. Although, I suppose this already happens by writing the username / password to the temporary MySQL config file. I would think supplying command line credentials is worse that this though, so don't really want to go down this route.
Beta Was this translation helpful? Give feedback.
All reactions