Using Ssl For Secure Connections - Oracle 5.0 Reference Manual

mysql> CREATE USER 'jeffrey'@'localhost'
-> IDENTIFIED BY 'mypass';
• For
CREATE USER
value that
the keyword PASSWORD:
mysql> CREATE USER 'jeffrey'@'localhost'
-> IDENTIFIED BY PASSWORD '*90E462C37378CED12064BB3388827D2BA3A9B689';
• When you assign an account a nonempty password using
PASSWORD()
plaintext. Suppose that you assign a password like this:
mysql> SET PASSWORD FOR
-> 'jeffrey'@'localhost' = 'mypass';
The result is that the literal value
encrypted value. When
is encrypted and compared to the value stored in the
the literal string 'mypass', so the comparison fails and the server rejects the connection with an
Access denied
It is preferable to assign passwords using
possible to modify the
cause the server to reread the grant tables. Otherwise, the change remains unnoticed by the server
until you restart it.
• To establish a password for a new account, provide a value for the
mysql> INSERT INTO mysql.user (Host,User,Password)
-> VALUES('localhost','jeffrey',PASSWORD('mypass'));
mysql> FLUSH PRIVILEGES;
• To change the password for an existing account, use
mysql> UPDATE mysql.user SET Password = PASSWORD('bagel')
-> WHERE Host = 'localhost' AND User = 'francis';
mysql> FLUSH PRIVILEGES;

6.3.6. Using SSL for Secure Connections

MySQL supports secure (encrypted) connections between MySQL clients and the server using the
Secure Sockets Layer (SSL) protocol. This section discusses how to use SSL connections. For
information on how to require users to use SSL connections, see the discussion of the
of the
GRANT
The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections
are not used by default. For applications that require the security provided by encrypted connections,
the extra computation to encrypt the data is worthwhile.
MySQL enables encryption on a per-connection basis. You can choose an unencrypted connection or
a secure encrypted SSL connection according the requirements of individual applications.
Secure connections are based on the OpenSSL API and are available through the MySQL C API.
Replication uses the C API, so secure connections can be used between master and slave servers.
See Section 16.3.7, "Setting Up Replication Using

Using SSL for Secure Connections

or GRANT, you can avoid sending the plaintext password if you know the hash
[956] would return for the password. Specify the hash value preceded by
PASSWORD()
[956] function to encrypt the password, otherwise the password is stored as
'mypass'
jeffrey
error.
Note
[956]
PASSWORD()
Section 6.3.1, "User Names and
table directly. In this case, you must also use
user
statement in Section 13.7.1.3,
is stored as the password in the
attempts to connect to the server using this password, the value
user
encryption differs from Unix password encryption. See
Passwords".
PASSWORD, GRANT, or mysqladmin, but it is also
SET
UPDATE
"GRANT Syntax".
SSL".
603
PASSWORD, you must use the
SET
user
table. However, the stored value is
FLUSH PRIVILEGES
column:
Password
to set the
Password
table, not the
to
column value:
clause
REQUIRE