Currently, Im using a small script to automatically backup my database (of a webserver). To backup the database, I have created a user account with only read and lock privilages. The script will use this user to backup the server. So, the script have the user's password.
The problem is, Im moving the database to a remote server. If I do this, will it be a security risk to use the password in a script like this? I s there a better solution?
What I would do would be to store the backup script on the remote database server and have it dump to stdout. e.g.:
Then call the script through ssh using key based authentication and write the response locally, like this:
I assume you are performing this backup over the internet (i could be wrong) but you should never do this as by default the connection is unencrypted. Using the SSH method it keeps all of the authentication credentials on the server and ensures that the communication channel is protected.
Furthermore you should not expose your database servers to the internet without locking it down first.