MySQL - security - Is there a way to encode master user and password in the options file?

MySQL 实验室因为专注，所以专业。

MySQL知识库 :: security
Is there a way to encode master user and password in the options file?
Discussion

There is no way to encode. At the file system level, the options file (my.cnf or my.ini, depending on your system) should be readable only by MySQL and system administrators. Here is an example of a my.cnf file in which the user account and password is included:
```
master-user = xxxxxx
master-password = xxxxxx
```
This security issue exists with every application. In order for the server to use password, it has to be readable. Even if encryption is added, you would have to provide another password for encoding and decoding when the server is restarted, as well as data would still be readable from kernel memory. The best security practice is to limit access.
Solution

You can secure the options by moving it into a secure directory or into the data directory for MySQL and setting the appropriate permissions on file. If you do this, be sure to modify your start up options to look in the correct directory. However, if you specify the master password with CHANGE MASTER TO it is put into a file in data directory and not in a global or local my.cnf. Therefore, it is not necessary to include the master-password option in the options file.