Password Hashing in MySQL
MySQL lists user accounts in the user table of the mysql database. Each MySQL account can be
assigned a password, although the user table does not store the cleartext version of the password, but
a hash value computed from it.
MySQL uses passwords in two phases of client/server communication:
• When a client attempts to connect to the server, there is an initial authentication step in which the
client must present a password that has a hash value matching the hash value stored in the user
table for the account the client wants to use.
• After the client connects, it can (if it has sufficient privileges) set or change the password hash for
accounts listed in the user table. The client can do this by using the PASSWORD() [1283] function to
generate a password hash, or by using a password-generating statement (CREATE USER, GRANT, or
SET PASSWORD).
In other words, the server checks hash values during authentication when a client first attempts to
connect. The server generates hash values if a connected client invokes the PASSWORD() [1283]
function or uses a password-generating statement to set or change a password.
Password hashing methods in MySQL have the history described following. These changes are
illustrated by changes in the result from the PASSWORD() [1283] function that computes password
hash values and in the structure of the user table where passwords are stored.
... zobacz całą notatkę
Komentarze użytkowników (0)