4 messages in com.mysql.lists.bugsRe: Password() generates random resul...
FromSent OnAttachments
Kevin Lee12 Aug 2003 10:07 
Alexander Keremidarski12 Aug 2003 23:57 
Alexander Keremidarski13 Aug 2003 02:46 
Sergei Golubchik13 Aug 2003 02:58 
Subject:Re: Password() generates random result in 4.1.0 alpha
From:Alexander Keremidarski (sal@mysql.com)
Date:08/12/2003 11:57:42 PM
List:com.mysql.lists.bugs

Kevin,

Kevin Lee wrote:

Hello,

In 4.1.0 alpha, I found the result of "SELECT PASSWORD('WHATEVER')" statement is generating random results. Therefore I had to use MD5() to store password to
my tables.

Results are not random. This is SHA1 based algorithm which produces these
hashes.

4.1 uses different, more secure password encryption and authentication
mechanism. It implements function OLD_PASSWORD() which uses old code for compatibility.

However you must note that PASSWORD() function was always intended to be used
for storing MySQL users passwords only and never for using in any other area.

Quoting manual:

Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.

Best regards

-- Are you MySQL certified? -> http://www.mysql.com/certification For technical support contracts, visit https://order.mysql.com/?ref=msal __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Mr. Alexander Keremidarski <sal@mysql.com> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Full-Time Developer /_/ /_/\_, /___/\___\_\___/ Sofia, Bulgaria <___/ www.mysql.com