UPDATE mysql.user
SET plugin = 'mysql_native_password', Password = PASSWORD('mypass')
WHERE User = 'user2' AND Host = 'localhost';
FLUSH PRIVILEGES;
• user6 weakness: Password is empty. Action: Assign a password.
SET PASSWORD FOR 'user6'@'localhost' = PASSWORD('mypass');
• user7 weakness: No plug-in named. Action: Specify the native plug-in.
UPDATE mysql.user
SET plugin = 'mysql_native_password'
WHERE User = 'user7' AND Host = 'localhost';
FLUSH PRIVILEGES;
23.9. Disabling Use of Accounts with Pre-4.1 Passwords
Problem
The original pre-4.1 hashing method is less secure than other methods and you want
to prevent accounts from using it.
Solution
Set the secure_auth system variable to prevent such accounts from connecting to the
server. To be more user friendly, upgrade affected accounts first.
Discussion
The hashing method used by the mysql_old_password authentication plug-in is not as
secure as the method used by mysql_native_password. In addition, mysql_old_password
is deprecated and eventually will no longer be supported. To prevent its use and
prepare for the day when support for it ceases, take these steps:
1. Identify accounts that use mysql_old_password and upgrade them to use
mysql_native_password (see Recipe 23.8). Do this first so as not to lock out accounts
in the next step.
2. Start the server with the secure_auth system variable enabled. That's been the
default value since MySQL 5.6.5, but you can check whether your server's setting
differs:
mysql> SELECT @@secure_auth;
+---------------+
| @@secure_auth |
+---------------+
|             0 |
+---------------+
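A pre-flight check for step 1, as an added example that is not part of the original text: it lists accounts that still name mysql_old_password or still store a pre-4.1 hash, so they can be upgraded before secure_auth is enabled. It assumes the MySQL 5.6-era mysql.user table with Password and plugin columns; the finding labels are illustrative.

```sql
-- Added example: accounts to upgrade before enabling secure_auth.
-- Assumption: mysql.user has Password and plugin columns (MySQL 5.6-era layout).
-- Pre-4.1 hashes are 16 hex characters; 4.1 hashes are 41 characters
-- beginning with '*'.
SELECT
  User,
  Host,
  COALESCE(plugin, '') AS plugin,
  LENGTH(Password)     AS hash_length,
  CASE
    WHEN plugin = 'mysql_old_password' AND LENGTH(Password) = 16
      THEN 'old plug-in with pre-4.1 hash'
    WHEN plugin = 'mysql_old_password'
      THEN 'old plug-in named, hash is not in pre-4.1 format'
    WHEN COALESCE(plugin, '') = ''
      THEN 'no plug-in named, pre-4.1 hash'
    ELSE 'plug-in named does not match the pre-4.1 hash'
  END AS finding
FROM mysql.user
WHERE plugin = 'mysql_old_password'
   OR LENGTH(Password) = 16
ORDER BY User, Host;
```

An empty result means no account depends on the old hashing method. Any row returned is an account to move to mysql_native_password with a newly set password first.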