www.fifi.org
    Documentation
        Manpages
        GNU Info
        Debian document tree
        Whole document tree
    Trigance web page
    Public services
    User info
    Mailing lists
    Secure server
    Multilingual usage
 

Copyright (C) 2000-2012
Philippe Troin
<webmaster@fifi.org>.

Validate HTML
Validate CSS

    

GNU Info

Info Node: (mysql.info)Passwords

(mysql.info)Passwords

Next: Password security Prev: Adding users Up: User Account Management
Enter node , (file) or (file)node 

Setting Up Passwords
--------------------

In most cases you should use `GRANT' to set up your users/passwords, so
the following only applies for advanced users. Note: `GRANT'.

The examples in the preceding sections illustrate an important
principle: when you store a non-empty password using `INSERT' or
`UPDATE' statements, you must use the `PASSWORD()' function to encrypt
it.  This is because the `user' table stores passwords in encrypted
form, not as plaintext.  If you forget that fact, you are likely to
attempt to set passwords like this:

     shell> mysql -u root mysql
     mysql> INSERT INTO user (Host,User,Password)
            VALUES('%','jeffrey','biscuit');
     mysql> FLUSH PRIVILEGES;

The result is that the plaintext value `'biscuit'' is stored as the
password in the `user' table.  When the user `jeffrey' attempts to
connect to the server using this password, the `mysql' client encrypts
it with `PASSWORD()', generates an authentification vector based on
*encrypted* password and a random number, obtained from server, and
sends the result to the server.  The server uses the `password' value
in the `user' table (that is *not encrypted* value `'biscuit'') to
perform the same calculations, and compares results.  The comparison
fails and the server rejects the connection:

     shell> mysql -u jeffrey -pbiscuit test
     Access denied

Passwords must be encrypted when they are inserted in the `user' table,
so the `INSERT' statement should have been specified like this instead:

     mysql> INSERT INTO user (Host,User,Password)
            VALUES('%','jeffrey',PASSWORD('biscuit'));

You must also use the `PASSWORD()' function when you use `SET PASSWORD'
statements:

     mysql> SET PASSWORD FOR jeffrey@"%" = PASSWORD('biscuit');

If you set passwords using the `GRANT ... IDENTIFIED BY' statement or
the `mysqladmin password' command, the `PASSWORD()' function is
unnecessary.  They both take care of encrypting the password for you,
so you would specify a password of `'biscuit'' like this:

     mysql> GRANT USAGE ON *.* TO jeffrey@"%" IDENTIFIED BY 'biscuit';

or

     shell> mysqladmin -u jeffrey password biscuit

*NOTE:* `PASSWORD()' does not perform password encryption in the same
way that Unix passwords are encrypted.  You should not assume that if
your Unix password and your MySQL password are the same, that
`PASSWORD()' will result in the same encrypted value as is stored in the
Unix password file. Note: User names.
automatically generated by info2www version 1.2.2.9