Databases Reference
In-Depth Information
| PASSWORD('
the_password
') |
+--------------------------+
| 268f5b591007a24f |
+--------------------------+
1 row in set (0.07 sec)
It's not possible to reverse the hashing process to derive the plain-text password from
the hashed string, so the actual passwords cannot be deduced even if you have access
to the hashed passwords in the
mysql
database. However, this scheme is still susceptible
to dictionary and brute-force attacks, and allowing access to any user details can have
security implications. Hence, you shouldn't allow users to access the
mysql
database
unless they have administrator privileges.
There are three ways to set or change a password. One way is to issue a
GRANT
statement
and include the
IDENTIFIED BY
clause. Suppose you've already created the user
'seli
na'@'localhost'
using this statement:
mysql>
GRANT ALL ON music.* TO 'selina'@'localhost' IDENTIFIED BY '
the_password
';
Query OK, 0 rows affected (0.00 sec)
If the user exists, you can change the password while you're granting new privileges,
or simply by granting no further privileges as follows:
mysql>
GRANT USAGE ON *.* TO 'selina'@'localhost' IDENTIFIED BY '
another_password
';
Query OK, 0 rows affected (0.00 sec)
This statement changes the password but has no effect on the current privileges.
Another way to change a password is to use the
SET PASSWORD
statement. Here's an
example:
mysql>
SET PASSWORD FOR 'selina'@'localhost' = PASSWORD('
another_password
');
Query OK, 0 rows affected (0.00 sec)
You can set the password for the user you're logged in as by using:
mysql>
SET PASSWORD=PASSWORD('
the_password
');
Query OK, 0 rows affected (0.00 sec)
In both cases, remember to include the
PASSWORD( )
function in the statement; if you
leave it out, the server will store the plain-text password instead of the hashed string.
When authenticating a user, MySQL compares the hash of the user's input to the stored
string; if the stored string isn't already hashed, these won't match, and the server will
refuse access.
You can also use the
mysqladmin password
command to change your own password
from the command line. For example, you can change the password for the user
your_mysql_username
from
your_old_mysql_password
to
your new mysql password
by
typing:
$
mysqladmin \
--user=
your_mysql_username \
--password=
your_old_mysql_password \
password
"your new mysql password"