Learning Mysql
Understanding and Changing Passwords | 325
Download 4.24 Mb. View original pdf
|
- Navigate this page:
- GRANT ALL ON music TO selina@localhost IDENTIFIED BY the_password ;
- SET PASSWORD FOR selina@localhost = PASSWORD( another_password );
| Understanding and Changing Passwords | 325 | PASSWORD('the_password') | +--------------------------+ | 268f5b591007a24f | +--------------------------+ 1 row inset sec) It’s not possible to reverse the hashing process to derive the plain-text password from the hashed string, so the actual passwords cannot be deduced even if you have access to the hashed passwords in the mysql database. However, this scheme is still susceptible to dictionary and brute-force attacks, and allowing access to any user details can have security implications. Hence, you shouldn’t allow users to access the mysql database unless they have administrator privileges. There are three ways to set or change a password. One way is to issue a GRANT statement and include the IDENTIFIED BY clause. Suppose you’ve already created the user 'seli na'@'localhost' using this statement: mysql> GRANT ALL ON music TO 'selina'@'localhost' IDENTIFIED BY 'the_password'; Query OK, 0 rows affected (0.00 sec) If the user exists, you can change the password while you’re granting new privileges, or simply by granting no further privileges as follows: mysql> GRANT USAGE ONTO 'selina'@'localhost' IDENTIFIED BY 'another_password'; Query OK, 0 rows affected (0.00 sec) This statement changes the password but has no effect on the current privileges. Another way to change a password is to use the SET PASSWORD statement. Here’s an example: mysql> SET PASSWORD FOR 'selina'@'localhost' = PASSWORD('another_password'); Query OK, 0 rows affected (0.00 sec) You can set the password for the user you’re logged in as by using: mysql> SET PASSWORD=PASSWORD('the_password'); Query OK, 0 rows affected (0.00 sec) In both cases, remember to include the PASSWORD function in the statement if you leave it out, the server will store the plain-text password instead of the hashed string. When authenticating a user, MySQL compares the hash of the user’s input to the stored string if the stored string isn’t already hashed, these won’t match, and the server will refuse access. You can also use the mysqladmin password command to change your own password from the command line. For example, you can change the password for the user your_mysql_username from your_old_mysql_password to your new mysql password by typing mysqladmin \ Download 4.24 Mb. Share with your friends:
|