[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
In most cases you should use GRANT
to set up your users/passwords,
so the following only applies for advanced users. See section GRANT
.
The examples in the preceding sections illustrate an important principle:
when you store a non-empty password using INSERT
or UPDATE
statements, you must use the PASSWORD()
function to encrypt it. This
is because the user
table stores passwords in encrypted form, not as
plaintext. If you forget that fact, you are likely to attempt to set
passwords like this:
shell> mysql -u root mysql mysql> INSERT INTO user (Host,User,Password) -> VALUES('%','jeffrey','biscuit'); mysql> FLUSH PRIVILEGES; |
The result is that the plaintext value 'biscuit'
is stored as the
password in the user
table. When the user jeffrey
attempts to
connect to the server using this password, the mysql
client encrypts
it with PASSWORD()
, generates an authentication vector
based on encrypted password and a random number,
obtained from server, and sends the result to the server.
The server uses the password
value in the user
table
(that is not encrypted value 'biscuit'
)
to perform the same calculations, and compares results.
The comparison fails and the server rejects the
connection:
shell> mysql -u jeffrey -pbiscuit test Access denied |
Passwords must be encrypted when they are inserted in the user
table, so the INSERT
statement should have been specified like this
instead:
mysql> INSERT INTO user (Host,User,Password) -> VALUES('%','jeffrey',PASSWORD('biscuit')); |
You must also use the PASSWORD()
function when you use SET
PASSWORD
statements:
mysql> SET PASSWORD FOR jeffrey@"%" = PASSWORD('biscuit'); |
If you set passwords using the GRANT ... IDENTIFIED BY
statement
or the mysqladmin password
command, the PASSWORD()
function
is unnecessary. They both take care of encrypting the password for you,
so you would specify a password of 'biscuit'
like this:
mysql> GRANT USAGE ON *.* TO jeffrey@"%" IDENTIFIED BY 'biscuit'; |
or:
shell> mysqladmin -u jeffrey password biscuit |
Note: PASSWORD()
is different from Unix password encryption.
See section 5.5.1 MySQL Usernames and Passwords.
[ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |