How do I create a mySQL user with hash39sha25639 salt . password

De openkb
Aller à : Navigation, rechercher

Sommaire

Questions

I must be missing something.

I want to set up a database user account for select-only transactions but mysql is not letting me choose the hash method for a password on creating a user account.

this fails: 

GRANT SELECT ON myDB.* TO  selectuser @ localhost  
IDENTIFIED BY hash( sha256 ,  salted-myfakelongrandompasswordstring );

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near hash( sha256 , salted-myfakelongrandompasswordstring ) at line 1

this passes: 

GRANT SELECT ON myDB.* TO  selectuser @ localhost  
IDENTIFIED BY  salted-myfakelongrandompasswordstring ;

I checked the phpinfo page and the sha256 hash engine is already enabled.

is there a way to change the default hashing algorithm for mysql, or is the syntax just incorrect on my SQL?

Answers

No, you shouldn t use your own password-hashing for MySQL authentication.

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_password http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_password

If you were able to use GRANT in the manner you show in your question, then MySQL would apply its PASSWORD() function to the string output of the hash() function. Subsequently, when you want to log in, you would have to enter the 256-bit hash of your password, for it to match what is in the MySQL authentication database.

http://dev.mysql.com/doc/refman/6.0/en/encryption-functions.html#function_sha2 http://dev.mysql.com/doc/refman/6.0/en/encryption-functions.html#function_sha2

http://php.net/hash http://php.net/hash

update: I attended the MySQL Conference this week and found out that they are totally changing their roadmap for future product version numbers. The SHA2() function is currently part of the MySQL source, but it s undetermined what product version that corresponds to. Also, you need MySQL built with OpenSSL/YaSSL support, for SHA2() to work.

Re your comment: Typically MySQL authentication is totally separate from user account authentication in a given web app (this is best practice for several reasons).

Yes, you need to hardcode the username/password for MySQL authentication for your web app. Could be in, but even better would be a config file. Of course, put these outside the web root.

http://en.wikipedia.org/wiki/Salt_(cryptography) http://en.wikipedia.org/wiki/Salt_(cryptography) 

$salt = $db->query("SELECT salt FROM Accounts WHERE account_name = ?", 
    $input_account_name);

$password_hash = hash( sha256 , $salt + $input_password)

$is_password_correct = $db->query("SELECT password_hash = ? 
    FROM Accounts WHERE account_name = ?",
    $password_hash, $input_account_name);

Source

License : cc by-sa 3.0

http://stackoverflow.com/questions/693288/how-do-i-create-a-mysql-user-with-hashsha256-salt-password

Related

Récupérée de « http://openkb.fr/index.php?title=How_do_I_create_a_mySQL_user_with_hash39sha25639_salt_._password&oldid=11462 »
Outils personnels
Espaces de noms

Variantes
Actions
Navigation
Outils