In contrast, the manual indicates, when MySQL writes ALTER USER. The manual indicates that UPDATE statements are written to logs as is, becoming visible to anyone with read access to the logs. This is generally a bad idea and we want to leave the task of managing user authentication properties exclusively to using the ALTER USER statement which automatically determines which authentication plugin should be used and then adjusts the password algorithm accordingly.Īs described by the manual, it also appears that UPDATE is less secure than ALTER PASSWORD with respect to logging. The PASSWORD() function was originally introduced as a way to manually update the er table. The existing ALTER USER statement is modified to cover the deprecated functionality. We have deprecated the SET PASSWORD syntax and the PASSWORD() function. See also Removal and Deprecation in MySQL 5.7: = 'auth_string' syntax ( i.e., leaving out the PASSWORD(str) encryption function) "is not deprecated, but ALTER USER is the preferred statement for account alterations, including assigning passwords." Id. = PASSWORD() "is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release", according to the SET PASSWORD documentation. These statements are deprecated and/or discouraged in relation to the currently preferred ALTER USER statement. PASSWORD() statement or an UPDATE statement (the former for passing the new password in cleartext and the latter for passing it in hashed format): SET PASSWORD The currently accepted answer suggests using either a SET PASSWORD. Otherwise, the value is not usable by the plugin and correct authentication of client connections will not occur." Id. When using AS instead of BY, the ALTER USER documentation says, the password string "is assumed to be already in the format the authentication plugin requires, and is stored as is in the er table." If a plugin requires a hashed value, "the value must be hashed in a format appropriate for the plugin. In answer to question how to pass the new password to MySQL in hashed format rather than cleartext, the MySQL ALTER USER documentation indicates that this is done by using AS in place of BY in the ALTER USER statement: ALTER USER WITH "New Default Authentication Plugin: caching_sha2_password" "Protecting MySQL Passwords With the sha256_password Plugin" For background on the history and future of MySQL authentication plugins, I found these MySQL Server Team blog posts helpful: The plugin specified gets written to the "plugin" field of the er table. The second example above contains an optional WITH clause to specify an authentication plugin. Two examples (adapted from their answers and the ALTER USER documentation for MySQL 5.7): : ALTER USER BY '' If I still had to operate a MySQL = 5.7.6. The question did ask if a single command could be used for both MySQL 5.6 and 5.7, but given that the ALTER USER syntax implemented by MySQL >= 5.7.6 offers a security enhancement, I would use the newer syntax when it is available. The MySQL 5.7.6 (, Milestone 16) release notes linked by question say "ALTER USER is now the preferred statement for assigning passwords." (This is likely due to the passage of time - the question and answer were both posted in 2015.) Then you can test: $ mysql -u root no MySQL authority, but based on MySQL's current 5.7 documentation, the suggestions in the currently accepted and most upvoted answer strike me as inadvisable. Just stopping it the normal way does not work. Important: before you (re)start mysqld, you need to kill the current process. If it is running, then start mysql and change the password $ mysql -u root $ sudo /usr/sbin/mysqld -skip-grant-tables -skip-networking &Ĭheck that the daemon mysqld is running: $ ps aux | grep mysqld So, you must use these modified instructions: $ sudo systemctl stop mysql The two key points are : the function password() is removed in mysqld 8.0+ and, for some reason, the unix socket for mysqld is not created with the -skip-grant-tables options. It's for MariaDB, but it's the same if don't use MariaDB. On Ubuntu 19.10 with mysqld version 8.0.19, none of the above worked for me.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |