Re: Password function not working with latest 4.1 tree

Thu, 19 Dec 2002 04:52:48 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 19 Dec 2002 [EMAIL PROTECTED] wrote:

> >Description:
>       with the latest 4.1 tree (from today) the PASSWORD() function returns random 
>alpha-numeric text /[a-f0-9]/
>       45 characters in length (which is too long for a password string). The string 
>always starts with a * (asterisk).
>       example:        *95144feaa0f433f3f62c29382697a1e631b283f860f0
>
> >How-To-Repeat:
>       Using latest BK 4.1 tree, SELECT PASSWORD('something');

Yes, that's intentional - we have changed this in 4.1, but it's not
documented in the manual yet. A quote from the developer working on that
code:

[SNIP]
I've send rather large piece of documentation about it to docs but I
belive they still did not get into the manual.

A lot of changes about MySQL authentication changes are need to be done so
I can understand why it is not that quick.

Also it is not really random, but has some randomity in it. It is whole
idea!

Now password("1") returns different strings all the time - so if you have
many users you can't search for matching hashes for most simple passwords
as you previously could.

password() function is designed especially to provide password hash to be
used MySQL and it still does so.  Some people used it for password
encryption instead of MD5()  or SHA1(). These people are wrong of course
:)

But not being so cruel we left OLD_PASSWORD() function for them which
generates old password hash.

Also --old-passwords startup option can help if you would like to run in
4.0 compatible password generation mode.
[SNIP]

Hope that helps!

Bye,
        LenZ
- -- 
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /      Mr. Lenz Grimmer <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__     MySQL AB, Production Engineer
/_/  /_/\_, /___/\___\_\___/     Hamburg, Germany
       <___/   www.mysql.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+Ab1fSVDhKrJykfIRAi+DAJ9CC9qQAGXS3L7QP5lVPcHwWUO9CgCeIdlX
pouFFLTHUvDidhcLYTpfDXk=
=W3v0
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to