Learning Mysql


Understanding and Changing Passwords



Download 4.24 Mb.
View original pdf
Page298/366
Date04.08.2023
Size4.24 Mb.
#61806
1   ...   294   295   296   297   298   299   300   301   ...   366
Learning MySQL
Understanding and Changing Passwords
This section explains how user passwords work in MySQL and how they can be set,
changed, and removed. Passwords can be of any length, though practical limitations in some operating systems necessitate that they be no longer than eight characters.
When assigning passwords, we recommend that you follow the same principles that
324 | Chapter 9:
Managing Users and Privileges

you would with any other password-protected system choose passwords that have a mix of uppercase, lowercase, numeric, and special characters avoid using dictionary words and avoid recording your password anywhere it can be easily found. We use no passwords and simple passwords—such as
the_password
—in this chapter to demonstrate concepts, but we recommend that in practice you use a more complex password that incorporates a mix of letters, numbers, and punctuation symbols (for example,
1n1T?s313Y0
). Of course, choose a password that you can remember without having to write it down somewhere pieces of paper often turn up in the wrong hands!
The simplest method to set a password is to use the IDENTIFIED BY
clause when you create or modify the privileges of a user. You’ve seen several examples of this so far in this chapter. Here’s one reproduced from a previous section:
mysql> GRANT ALL ON music TO 'allmusic'@'localhost' IDENTIFIED BY 'the_password';
Query OK, 0 rows affected (0.06 sec)
This process takes the plain-text string
the_password
, hashes it using the MySQL
PASSWORD( function, and stores the hashed string in the user table in the mysql database. Later, when a client wants a connection as this user, the plain-text password supplied by the client is hashed with the PASSWORD function and compared to the string in the database. If it matches, the client is authenticated otherwise, not. Prior to
MySQL 4.1.0, the hashed string was 16 characters in length, and since 4.1.1 it has been characters don’t use MySQL 4.1.0, which has an incompatible character password and a different PASSWORD )
function.
You can experiment with the PASSWORD function to examine the strings produced from a plain-text password. With a server older than 4.1.1, or with anew server configured with the old_passwords option, you would see:
mysql> SELECT PASSWORD('the_password');
+--------------------------+
| PASSWORD('the_password') |
+--------------------------+
| 268f5b591007a24f |
+--------------------------+
1 row inset sec)
Using exactly the same command on a MySQL server that is newer than version and that has not been configured with the old_passwords option, we get:
mysql> SELECT PASSWORD('the_password');
+-------------------------------------------+
| PASSWORD('the_password') |
+-------------------------------------------+
| *201716EF6717C367868F777B9C6E17796F19F379 |
+-------------------------------------------+
1 row inset sec)
You can still list the old-format password using the
OLD_PASSWORD( )
function:
mysql> SELECT OLD_PASSWORD('the_password');
+--------------------------+

Download 4.24 Mb.

Share with your friends:
1   ...   294   295   296   297   298   299   300   301   ...   366




The database is protected by copyright ©ininet.org 2025
send message

    Main page