Experience-mysql password problem!

First of all, there are several common ways to modify MySQL user passwords:

1, mysqladmin-u root password "Newpass"

If the password is already configured:

Mysqladmin-uroot-prenzhiyuan password ' 123456 '

2. Using Set password command

mysql> SET PASSWORD for ' root ' @ ' localhost ' = PASSWORD (' Renzhiyuan ');

Query OK, 0 rows Affected (0.00 sec)

Mysql>

3.UPDATE

mysql> UPDATE user SET Password = Password (' 123456 ') WHERE user = ' root ';

Query OK, 4 rows Affected (0.00 sec)

Rows Matched:4 Changed:4 warnings:0

Mysql>

View:

Mysql> select User,host,password from user;

+--------+---------------+-------------------------------------------+

| user | Host | password |

+--------+---------------+-------------------------------------------+

| Root | localhost | *6bb4837eb74329105ee4568dda7dc67ed2ca2ad9 |

| Root | 127.0.0.1 | *6bb4837eb74329105ee4568dda7dc67ed2ca2ad9 |

|   +--------+---------------+-------------------------------------------+

5 rows in Set (0.00 sec)

Mysql>

The basic security is satisfied that MySQL does not store the user's plaintext password inside. MySQL is actually using two times SHA1 inclusion once Unhex the user password is encrypted, so Generally speaking ciphertext is obtained by irreversible encryption algorithm. In this way, even if sensitive information leaks, there is no immediate clear text from the ciphertext except brute force cracking.

mysql> Select password (' MyPassword '), concat (' * ', SHA1 (Unhex (SHA1 (' MyPassword ')));

+-------------------------------------------+---------------------------------------------+

| Password (' MyPassword ') | Concat (' * ', SHA1 (Unhex (SHA1 (' MyPassword '))) |

+-------------------------------------------+---------------------------------------------+

| *fabe5482d5aadf36d028ac443d117be1180b9725 | *fabe5482d5aadf36d028ac443d117be1180b9725 |

+-------------------------------------------+---------------------------------------------+

1 row in Set (0.47 sec)

Mysql>

So that's the problem? What are the insecurity factors?

1. mysql History command record:

[email protected] ~]# cat. mysql_history

SET PASSWORD for ' root ' @ ' localhost ' = PASSWORD (' Renzhiyuan ');

show databases;

Use MySQL;

Select Host,password,user from user;

Grant all on * * to [e-mail protected] ' 192.168.1.243 ' identified by ' Renzhiyuan ';

Flush privileges;

show databases;

Flush privileges;

[Email protected] ~]#

2, check Binlog can find the plaintext password (5.6 later version was repaired)

3, you can pass the authorization form directly over the password.

4, the plaintext login MySQL and so on.

......

In that case? How to effectively protect the MySQL password?

1, choose the appropriate version (such as 5.6.x)

2, when landing MySQL, to prohibit the clear text, to prevent others through the historical command to view.

3. Manage MySQL's history command file (default in the user's . Mysql_history )

4, MySQL user rights to be cautious to, MySQL related core file permissions to set up, such as MY.CNF, startup files, etc.

5, log records, behavioral audit

......

Summary: The so-called user name and password is nothing more than a front door, do not think it is safe. However, the corresponding security maintenance is necessary!

This article from the "[email protected]" blog, reproduced please contact the author!

Experience-mysql password problem!