Bug #52799 [Opn->Fbk]: Old password authentication with (PDO) MySQL native driver

Wed, 08 Sep 2010 09:34:18 -0700 

Edit report at http://bugs.php.net/bug.php?id=52799&edit=1

 ID:                 52799
 Updated by:         u...@php.net
 Reported by:        php at diptyque dot net
 Summary:            Old password authentication with (PDO) MySQL native
                     driver
-Status:             Open
+Status:             Feedback
 Type:               Bug
 Package:            PDO related
 Operating System:   FreeBSD
 PHP Version:        5.3.3
 Block user comment: N

 New Comment:

Because mysqlnd does not support it, ext/mysql - if using mysqlnd -
can't support it. Please provide a test script which shows ext/mysql
connecting while PDO_MySQL does not.


Previous Comments:
------------------------------------------------------------------------
[2010-09-08 18:16:02] php at diptyque dot net

Description:
------------
Some PHP legacy code no longer works with the 5.3.3 MYSQLND-enabled [1]
PDO MySQL driver -- I got 2 warnings and an exception is raised:



[07-Sep-2010 14:31:16] PHP Warning: PDO::__construct(): Premature end of
data (mysqlnd_wireprotocol.c:554) in /my/path/to/php/auto/append.php on
line xx

[07-Sep-2010 14:31:16] PHP Warning: PDO::__construct(): OK packet 1
bytes shorter than expected in /my/path/to/php/auto/append.php on line
xx



Exception says that "mysqlnd cannot connect to MySQL 4.1+ using the old
insecure authentication."



This is inconsistent with the behavior of the 5.3.3 MySQL extension
built with MYSQLND support: I have even older PHP code that can connect
to MySQL 4.1+ using the old insecure authentication scheme (!?) Go
figure.



Of course, reverting to the PDO MySQL driver w/ classic MySQL client
library support works.



[1] mysqlnd 5.0.7-dev - 091210 - $Revision: 300533 $



Test script:
---------------
<?php



try {



    $dbh = new PDO($sql->dsn, $sql->username, $sql->password);

    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);



}

catch (Exception $e) { /* ... */ }

// failure

?>



vs.



<?php



$dbh = mysql_pconnect(

        $mysql['hostname'], $mysql['username'], $mysql['password']

);

// success

?>

Expected result:
----------------
Why does old password authentication still works with MYSQLND-enabled
MySQL extension but not with MYSQLND-enabled PDO MySQL driver?

Actual result:
--------------
SQLSTATE[HY000] [2000] mysqlnd cannot connect to MySQL 4.1+ using the
old insecure authentication. Please use an administration tool to reset
your password with the command SET PASSWORD =
PASSWORD('your_existing_password'). This will store a new, and more
secure, hash value in mysql.user. If this user is used in other scripts
executed by PHP 5.2 or earlier you might need to remove the
old-passwords flag from your my.cnf file


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52799&edit=1

Reply via email to