Table of Contents
Advertisement
Attempting to redefine MySQL's system tables in any other fashion results in
undefined (and unsupported!) behavior.
• The server uses MySQL passwords stored in the
MySQL built-in authentication. These passwords have nothing to do with passwords for logging in to
your operating system. There is no necessary connection between the "external" password you use
to log in to a Windows or Unix machine and the password you use to access the MySQL server on
that machine.
• MySQL encrypts passwords stored in the
is the same as that implemented by the
used during the Unix login process. Unix password encryption is the same as that implemented
by the
[955]
ENCRYPT()
[955]
functions in
ENCRYPT()
From version 4.1 on, MySQL employs a stronger authentication method that has better password
protection during the connection process than in earlier versions. It is secure even if TCP/IP packets
are sniffed or the
mysql
stored in encrypted form in the
used to connect to the MySQL server.)
password encryption further.
• It is possible to connect to the server regardless of character set settings if the user name and
password contain only ASCII characters. To connect when the user name or password contain
non-ASCII characters, the client should call the
MYSQL_SET_CHARSET_NAME
authentication to take place using the specified character set. Otherwise, authentication will fail
unless the server default character set is the same as the encoding in the authentication defaults.
Standard MySQL client programs support a
mysql_options()
based on the C API, the connector may provide an equivalent to
used instead. Check the connector documentation.
The preceding notes do not apply for ucs2, which is not permitted as a client character set.
When you install MySQL, the grant tables are populated with an initial set of accounts. The names
and access privileges for these accounts are described in
Accounts", which also discusses how to assign passwords to them. Thereafter, you normally set up,
modify, and remove MySQL accounts using statements such as
See
Section 13.7.1, "Account Management
When you connect to a MySQL server with a command-line client, specify the user name and
password as necessary for the account that you want to use:
shell>
mysql --user=monty --password=password db_name
If you prefer short options, the command looks like this:
shell>
mysql -u monty -ppassword db_name
There must be no space between the
If you omit the
password
the client prompts for one.
Specifying a password on the command line should be considered insecure. See
User Guidelines for Password
command line.
For additional information about specifying user names, passwords, and other connection parameters,
see
Section 4.2.2, "Connecting to the MySQL
User Names and Passwords
user
PASSWORD()
SQL function. See the descriptions of the
Section 12.12, "Encryption and Compression
database is captured. (In earlier versions, even though passwords are
table, knowledge of the encrypted password value could be
user
Section 6.1.2.4, "Password Hashing in
option and appropriate character set name as arguments. This causes
to be called as just described. For programs that use a connector that is not
Statements".
option and the following password value.
-p
value following the
--password
Security". You can use an option file to avoid giving the password on the
596
table to authenticate client connections using
user
table using its own algorithm. This encryption
[956]
SQL function but differs from that
mysql_options()
--default-character-set
mysql_options()
Section 2.18.2, "Securing the Initial MySQL
CREATE
[231]
or
-p
Server".
[956]
and
PASSWORD()
Functions".
MySQL", discusses
C API function with the
option that causes
that can be
USER, GRANT, and REVOKE.
option on the command line,
Section 6.1.2.1, "End-
Advertisement
Chapters
Table of Contents
Troubleshooting
