you would with any other password-protected system: choose passwords that have a mix of uppercase, lowercase, numeric, and special characters; avoid using dictionary words; and avoid recording your password anywhere it can be easily found. We use no passwords and simple passwords—such as the_password—in this chapter to demonstrate concepts, but we recommend that in practice you use a more complex password that incorporates a mix of letters, numbers, and punctuation symbols (for example, 1n1T?s313Y0). Of course, choose a password that you can remember without having to write it down somewhere; pieces of paper often turn up in the wrong hands!
The simplest method to set a password is to use the IDENTIFIED BY clause when you create or modify the privileges of a user. You’ve seen several examples of this so far in this chapter. Here’s one reproduced from a previous section:
mysql> GRANT ALL ON music TO 'allmusic'@'localhost' IDENTIFIED BY 'the_password';
Query OK, 0 rows affected (0.06 sec)
This process takes the plain-text string the_password, hashes it using the MySQL PASSWORD( ) function, and stores the hashed string in the user table in the mysql database. Later, when a client wants a connection as this user, the plain-text password supplied by the client is hashed with the PASSWORD function and compared to the string in the database. If it matches, the client is authenticated; otherwise, not.
Prior to MySQL 4.1.0, the hashed string was 16 characters in length, and since 4.1.1 it has been characters; don’t use MySQL 4.1.0, which has an incompatible character password and a different PASSWORD( ) function.
You can experiment with the PASSWORD function to examine the strings produced from a plain-text password. With a server older than 4.1.1, or with a new server configured with the old_passwords option, you would see:
mysql> SELECT PASSWORD('the_password');
+--------------------------+
| PASSWORD('the_password') |
+--------------------------+
| 268f5b591007a24f         |
+--------------------------+
1 row in set
Using exactly the same command on a MySQL server that is newer than version and that has not been configured with the old_passwords option, we get:
mysql> SELECT PASSWORD('the_password');
+-------------------------------------------+
| PASSWORD('the_password')                  |
+-------------------------------------------+
| *201716EF6717C367868F777B9C6E17796F19F379 |
+-------------------------------------------+
1 row in set
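The two formats shown above can be told apart by shape alone, which is useful when auditing a copy of the user table for accounts that still carry old-format or empty passwords. The following Python is an added example, not code from the book: it assumes the 4.1.1+ scheme is '*' followed by the uppercase hex of SHA-1 applied twice, and the function names and account rows are constructed for illustration.

```python
import hashlib
import hmac
import re

OLD_FORMAT = re.compile(r"[0-9a-fA-F]{16}")   # older servers / old_passwords
NEW_FORMAT = re.compile(r"\*[0-9A-F]{40}")    # 4.1.1 and later

def mysql41_password(plaintext: str) -> str:
    """Reproduce the 4.1.1+ PASSWORD() output (assumed: '*' + HEX(SHA1(SHA1(p))))."""
    if plaintext == "":
        return ""  # an empty password is stored as an empty string
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def classify(stored: str) -> str:
    """Name the format of a value taken from the Password column."""
    if stored == "":
        return "no password"
    if NEW_FORMAT.fullmatch(stored):
        return "4.1.1+ format"
    if OLD_FORMAT.fullmatch(stored):
        return "old format"
    return "unrecognised"

def matches(plaintext: str, stored: str) -> bool:
    """Hash the candidate and compare it to the stored string in constant time."""
    return hmac.compare_digest(mysql41_password(plaintext), stored)

def audit(rows):
    """Return (user, host, finding) for every account not in the 4.1.1+ format."""
    findings = []
    for user, host, stored in rows:
        kind = classify(stored)
        if kind != "4.1.1+ format":
            findings.append((user, host, kind))
    return findings

# Constructed rows; the two hash strings are the ones printed in this section.
SAMPLE_ROWS = [
    ("allmusic", "localhost", "*201716EF6717C367868F777B9C6E17796F19F379"),
    ("legacy", "localhost", "268f5b591007a24f"),
    ("guest", "%", ""),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```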
You can still list the old-format password using the OLD_PASSWORD( ) function:
mysql> SELECT OLD_PASSWORD('the_password');
+--------------------------+