• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 774
  • Last Modified:

How do I hide the details contained in a .bat file being echoed out when the .bat file is run through a system command embedded in a Php script.

This is a question arising out of the solution to the question (link provided below)

http://rdsrc.us/Q3BDMh

Kindly see the question-answer posts by following the link above.

When I run the php script it executes a .bat file through a system command and it prints out all details including the username, password, database name, database directory etc. This is not good for security. I have reproduced the display in the browser below.

C:\xampp\htdocs\someDir>SET BackupDir=C:\xampp\htdocs\someDir\backup C:\xampp\htdocs\someDir>SET mysqldir=C:\Xampp\mysql\bin C:\xampp\htdocs\someDir>SET mysqlpassword=pword C:\xampp\htdocs\someDir>SET mysqluser=user C:\xampp\htdocs\someDir>SET databaselist=db C:\xampp\htdocs\someDir>SET backupfile=fullbackup_/1_ 0_Sa_21_23_18.sql C:\xampp\htdocs\someDir>echo C:\xampp\htdocs\someDir\backup\fullbackup_/1_ 0_Sa_21_23_18.sql C:\xampp\htdocs\someDir\backup\fullbackup_/1_ 0_Sa_21_23_18.sql C:\xampp\htdocs\someDir>C: C:\xampp\htdocs\someDir>CD C:\Xampp\mysql\bin C:\xampp\mysql\bin>mysqldump -u user -ppword --databases db 0_Sa_21_23_18.sql 1>C:\xampp\htdocs\someDIr\backup\fullbackup_/1_

I want to hide all this and show nothing. How do I do it? Can anyone please help me? Thanks in advance!
0
786aslamkhan
Asked:
786aslamkhan
  • 3
  • 2
  • 2
  • +2
1 Solution
 
Norm DickinsonGuruCommented:
You should be able to insert the line

@echo off

in the beginning of the batch file.
0
 
paultomasiCommented:
Don't you mean something like this:

@echo off
SET Destination=C:\xampp\htdocs\someDir\backup
SET Source=C:\Xampp\mysql\bin
SET Password=pword
SET User=user
SET DBList=db
SET BackupFile=fullbackup_/1_0_Sa_21_23_18.sql

echo %Destination%\%BackupFile%

pushd "%Source%"

mysqldump -u %User% -p %Password% --databases %DBList% >"%Destination%\%BackupFile%"

popd

Open in new window

0
 
Steve KnightIT ConsultancyCommented:
You could also simplify it to less lines too:

@echo off
cd /d C:\Xampp\mysql\bin
mysqldump -u user -p pword --databases db >"C:\xampp\htdocs\someDir\backup\fullbackup_/1_0_Sa_21_23_18.sql"

Might be worth adding a last line:

del "%~f0" /q

so it deletes itself - i.e. the temporary batch file with password in it.

If you can set a default dir when running from the PHP you could possibly do away with the batch and put the exe details in there, i.e. just:

mysqldump -u user -p pword --databases db >"C:\xampp\htdocs\someDir\backup\fullbackup_/1_0_Sa_21_23_18.sql"

You could also hide the password if this batch file isn't created on the fly and is stored somewhere to be ran using ADS:

http://scripts.dragon-it.co.uk/links/batch-password1
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
786aslamkhanAuthor Commented:
tqfdotus Thank you for the solution and first!

paultomasi Thank you for offering the code!

dragon-it Thanks for offering an additional option. I shall definitely explore it as it is a great opportunity to learn.

Thanks a ton for your interest, time, and expertise! I really appreciate it!
0
 
Steve KnightIT ConsultancyCommented:
No problem.  I knew you had your answer anyway, just filling in more.
0
 
786aslamkhanAuthor Commented:
Thanks! Really appreciate your effort and spirit!
0
 
Norm DickinsonGuruCommented:
Glad to help - that one comes from back in the good old days of DOS!
0
 
fiboCommented:
B-) and remember to remove the "echo " line I had you to insert in line 9 for debugging purposes!
0
 
786aslamkhanAuthor Commented:
Yes thank you so very much, I really appreciate it fibo.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now