How to connect MysqlClient to MysqlServer _ MySQL

For the authentication method of MysqlClient link MysqlServer, see: http://forge.mysql.com/wiki/MySQL_Internals_ClientServer_Protocol#Password_functions

Let me explain the following content:

Earlier than 4.0

1. the server sends a random string (scramble_buff) to the client.

2. the client encrypts the user's plaintext password, and then encrypts the hash and server's random string into a new scramble_buff. (See SQL/password. c: scramble ()).

3. the client sends the encrypted scramble_buff value to the server.

4. the server encrypts the mysql. user. Password value with the original random string.

5. the server compares the encrypted hash value with the encrypted scramble_buff sent by the server.

6. if the same is true, the verification is successful.

It is basically a challenge mechanism. Note: in essence, the password is the encrypted hash value of the plaintext password. if someone knows this user's mysql. user. password (instead of knowing the original plaintext Password) can directly log on to the server.

Versions later than 4.1

After 4.1, the password stored in the database is encrypted with SHA1: SHA1 (SHA1 (password ))

1. the server sends a random string (scramble) to the client.

2. the client performs the following calculation:

Stage1_hash = SHA1 (plaintext password ).

Token = SHA1 (scramble + SHA1 (stage1_hash) XOR stage1_hash

3. the client sends the token to the server.

4. the server performs the following calculation:

Stage1_hash = token XOR SHA1 (scramble + mysql. user. Password)

5. the server compares SHA1 (stage1_hash) with mysql. user. Password. If yes, the authentication is correct.

Note: SHA1 (A + B) means SHA1 (string A connects to string B ).

This time there is no defect in the previous version. with mysql. user. Password and scramble, the token cannot be obtained. Because he cannot obtain stage1_hash.

However, if this person has the user's mysql. user. Password and a complete verification data intercepted on the network, he can reverse the stage1_hash value based on the intercepted token and scramble. Because stage1_hash does not change, the next connection, after obtaining a new scramble, He encrypts the token and sends it to the server to connect to the server through verification.

Finally, put a 5.1 Authentication packet capture result, pay attention to the marked red:

Server> 127.0.0.1.49130: Handshake

127.0.0.1.49130> server: Handshake (new auth)

　　

 
 

  
  
server > 127.0.0.1.49130: Handshake  
  
  
127.0.0.1.49130 > server: Handshake (new auth)  
  
  
server > 127.0.0.1.49130: OK