Manuel Schmitt (manitu) wrote:
Hi,
I'am searching for a way to have mysqld log all passwords which clients
are using (trying) while connecting.
As to the documentation and to my trials neither the error log nor the
general query log contain passwords, only the usernames.
I already tried to
On 3/5/06, Manuel Schmitt (manitu) [EMAIL PROTECTED] wrote:
is there a reason that the unknown passwords can't simply be reset?
yes, because not all clients are currently known and resetting them
would possibly break the application(s)
I am not pretty sure, but MySQL use to send encrypted
I believe Daniel is correct. The passwords are hashed before leaving the
client. You may be able to capture invalid hashes but they are already
encrypted before they get to the server. I do not know of any event or
callback function you can use to tie into the server to trigger a logging
Hi,
I'am searching for a way to have mysqld log all passwords which clients
are using (trying) while connecting.
As to the documentation and to my trials neither the error log nor the
general query log contain passwords, only the usernames.
I already tried to get them via ethereal, but this
having an application log actual passwords (whether the login was
successful or not) is a major security risk, hence no self-respecting,
security-conscious application will do this. all that should be logged
is the username attempted, along with a login success/failure
indication, never the
is there a reason that the unknown passwords can't simply be reset?
yes, because not all clients are currently known and resetting them
would possibly break the application(s)
--
Manuel Schmitt
- Geschäftsführer -