Felix Geerinckx wrote:
> On 24/11/2005, Lowell Allen wrote:
>
>> but I'm looking for a way to convert the short hash values into comparable long hash values.
>
> This is (fortunately) *not* possible.
>
>> Apparently the upgrade procedure can successfully convert
>> short-to-long hash values for MySQL user passwords
>
> It doesn't. It uses the old method for old passwords and the new one
> for new passwords. Look up the OLD_PASSWORD() function.
>
>> Any practical advice greatly appreciated.
>
> You can use OLD_PASSWORD() for old passwords (16 chars) and PASSWORD()
> for new passwords (41 chars, starting with a '*').
>
> Since you are receiving the password from the user when he/she logs in,
> you can add some logic to your login procedure to change the password
> to the new hashing.

That seems like very good advice, thanks. Is there a proactive way to deal with this problem on servers that haven't been upgraded to 4.1 yet? Like changing the login to use OLD_PASSWORD() and writing to a new password field with an encryption function? In other words, something that would work pre-4.1 and also post-4.1. (Just writing conversationally, I'll check into it myself.)

> P.S.: This is exactly why MySQL AB advises against the use of
> PASSWORD() for your own authentication.

I missed that advisement completely, but I would have preferred a new name for a new function instead of changing the results of an existing function.

--
Lowell Allen



--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
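The login-time migration discussed in the thread (verify against the stored short or long hash, then write an application-owned hash to a new field), shown in Python as an added example that is not part of the original messages. The `legacy_hash` and `app_hash` column names, the choice of PBKDF2 with these parameters, and the Python reimplementations of the two MySQL hash formats are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

def old_password(pw: str) -> str:
    """Pre-4.1 hash as returned by OLD_PASSWORD(): 16 lowercase hex chars."""
    nr, add, nr2 = 1345345333, 7, 0x12345671
    for b in pw.encode():
        if b in (0x20, 0x09):  # the legacy algorithm skips spaces and tabs
            continue
        nr = (nr ^ ((((nr & 63) + add) * b) + (nr << 8))) & 0xFFFFFFFF
        nr2 = (nr2 + ((nr2 << 8) ^ nr)) & 0xFFFFFFFF
        add += b
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)

def new_password(pw: str) -> str:
    """4.1+ hash as returned by PASSWORD(): '*' + 40 uppercase hex chars."""
    inner = hashlib.sha1(pw.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def app_hash(pw: str, salt: bytes = b"") -> str:
    """Application-owned salted hash, independent of the server version."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)
    return "pbkdf2$%s$%s" % (salt.hex(), dk.hex())

def app_verify(pw: str, stored: str) -> bool:
    salt = bytes.fromhex(stored.split("$")[1])
    return hmac.compare_digest(app_hash(pw, salt), stored)

def login(row: dict, pw: str) -> bool:
    """Check pw against row; on a legacy match, migrate row to app_hash."""
    if row.get("app_hash"):
        return app_verify(pw, row["app_hash"])
    legacy = row.get("legacy_hash") or ""
    if len(legacy) == 16:                               # short, pre-4.1 format
        expected = old_password(pw)
    elif len(legacy) == 41 and legacy.startswith("*"):  # long, 4.1 format
        expected = new_password(pw)
    else:
        return False
    if not hmac.compare_digest(expected.encode(), legacy.encode()):
        return False
    row["app_hash"] = app_hash(pw)  # plaintext is only available at login
    row["legacy_hash"] = None       # retire the legacy value once migrated
    return True

# Constructed sample rows (hypothetical schema: legacy_hash, app_hash)
users = {"alice": {"legacy_hash": old_password("correct horse"), "app_hash": None},
         "bob": {"legacy_hash": new_password("hunter2"), "app_hash": None}}
```

Because the stored format is recognised by length and the leading `*`, the same login path works whether the row was written before or after the 4.1 upgrade, and rows that never log in simply keep their legacy value.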