Thanks everyone for the discussion.
From reading the SQL docs bobstro linked to it looks to me that there are the following options
- Use -ppassword as in the example - but this exposes the command line to ps
- Store the password in an option file, that will live in /root - so it is effectively the "Linux way" I first mentioned, but not available to ps
- Store the password in the MYSQL_PWD environment variable, which generally just sounds bad
- Do not run this as an automatic process, but do it manually.
I think option 2 looks like the one I will go with.
I'm not sure how encrypting the password would help (if sqldump even allows encrypted passwords) since as jojopi said...
jojopi wrote:So if I can read the text file I can access the database, and nothing has really changed?
And the intention here is to allow unattended regular backups, so I would need to put the encrypted password in the script.
DougieLawson wrote:The underlying problem is that your SQL data includes plain text passwords rather than encrypted passwords. That's a problem for the Owncloud developers to resolve.
I'm not sure this is true, as the problem I'm trying to resolve is how the backup the mysql database.
Yes it may be true that Owncloud user passwords are not encrypted, and that would be a problem for the Owncloud dev,'s ro resolve but I just need to worry about backing up the database and keeping it safe once I have.
As to general security, I have my own personal account on the pi, have removed the pi use and only allow encrypted ssh access. There is a firewall in place, however I decided not to restrict access to only a few external IP addresses since I want to be able to access anywhere.
I'm sure there is more I can, do, but as usual its about balancing security with ease of use.
Once again, thanks for the assistance