Showing entries 1 to 9

Displaying posts with tag: password (reset)

How to change user password on MySQL

Today let's talk about how to change a MySQL user password.

We can do it in 2 ways: 1 – mysqladmin, 2 – the SQL language.

1. mysqladmin:

The syntax is easy:

 mysqladmin -u USER -p password NEWPASSWORD 

Let's then change the password of the 'marcelo' user to '123':

mysqladmin -u marcelo -p password '123'

For this command, we have 3 problems:

  • You can just change your own user
  • You need SUPER PRIVILEGES to run this command
  • If you share your Linux user account with other users, this command will appear in the shell history; to avoid that we can edit ~/.bash_history and delete these lines

2. SQL (the best in my opinion):

To change the password, we'll just run an update on the user table in the mysql db; you can do this in 2

  [Read more...]
One-way Password Crypting Flaws

I was talking with a client and the topic of password crypting came up. From my background as a C coder, I have a few criteria to regard a mechanism to be safe. In this case we’ll just discuss things from the perspective of secure storage, and validation in an application.

  • Use a digital fingerprint algorithm, not a hash or CRC. A hash is by nature lossy (generates evenly distributed duplicates) and a CRC is intended to identify bit errors in transmitted data, not compare potentially different data.
  • Store/use all of the fingerprint, not just part (otherwise it’s lossy again).
  • SHA1 and its siblings are not ideal for this purpose, but ok. MD5 and that family of “message digests” has been proven flawed long ago, they can be “freaked” to create a
  [Read more...]
    On Password Strength
    XKCD (as usual) makes a very good point – this time about password strength, and I reckon it’s something app developers need to consider urgently. Geeks can debate the exact amount of entropy, but that’s not really the issue: insisting on mixed upper/lower and/or non-alpha and/or numerical components to a user password does not really improve security, and definitely makes life more difficult for users. So basically, the functions that do an “is this a strong password” check should seriously reconsider their approach, particularly if they’re used to have the app decide whether to accept the password as “good enough” at all. Update: Jeff Preshing has written an
      [Read more...]
    Truly Random and Complex Password Generator - Part 1 of 2
    Permalink: http://mysql-0v34c10ck.blogspot.com/2011/06/truly-random-and-complex-password.html



    Skip to the 2nd part for the code snippet.

    It's an important matter of security to enforce complex passwords that have a sufficient length. From personal experience, if you ask a normal user to create their own passwords, their passwords will be based on a character set consisting of 36 case-insensitive alphanumeric characters: a-z, 0-9 instead of the full 94-character set typable on all keyboard layouts. Also, most normal users would use dictionary-based passwords with a predictable pattern: dictionary





      [Read more...]
    Recovering a MySQL `root` password – Three solutions

    Three ways to recover a root user password:

    The solutions below get more creative on the way down :)

    1. Obviously, before you start messing around, check my.cnf or scripts for password entries, then try home directories for password files.
    2. Secondly – can you restart mysql? If yes, restart with --skip-grant-tables, log into mysql, change your password and restart without --skip-grant-tables.
    3. third option – (on linux / unix ONLY)
    If you haven’t found the password anywhere and can’t afford to restart your mysql.

    cd data/mysql
    cp -rp user.MYD bck_user.MYD_`date +%Y%m%d`
    cp -rp user.MYD /tmp/user.MYD
    vi /tmp/user.MYD #(edit the hashed passwords next to root*)
    cp -rp /tmp/user.MYD user.MYD
    sudo kill -HUP `pidof mysqld`

    Note that the latter method of recovering a




      [Read more...]
    MySQL – changing a user password

    Disclaimer:

    This post is for educational purposes only and no responsibility will be taken if you execute any of the commands. You mess it, you fix it!

    Replacing a password for a user on MySQL can be done in at least four ways. Three ways at least.

    1. set password for 'user'@'host'=password('abc');

    2. grant usage on *.* to 'user'@'host' identified by 'abc';

    3. update mysql.user set password=password('abc') where user='user' and host='host';

    mysql Wed Mar  9 14:27:17 2011 > set password for 'dc'@'%' = password('d');
    Query OK, 0 rows affected (0.00 sec)
    
    mysql Wed Mar  9 14:27:39 2011 > show grants for 'dc'@'%';
    +---------------------------------------------------------------------------------------------------+
    | Grants for dc@%
      [Read more...]
    Securich – The MySQL Security Package step by step run through
    I would like to start off by excusing myself for having had a broken link on http://www.securich.com/downloads.html when I published the latest blog post about Securich. The tool is downloadable from there and anyone can use it for free in accordance with GPLv2. I wanted to throw out a tutorial about how to install it and use it (note: this tutorial is for Securich version 0.1.2):
    Pop Quiz: MySQL Password Hashing

    The answers to the last pop quiz are up: http://www.pythian.com/blogs/868/pop-quiz-mysql-cluster

    So here’s another pop quiz. Given the following:

    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 16450949 to server version: 4.1.14-standard-log
    
    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
    
    mysql> select count(*),length(password) from mysql.user group by length(password);
    +----------+------------------+
    | count(*) | length(password) |
    +----------+------------------+
    |       49 |               16 |
    |       31 |               41 |
    +----------+------------------+
    2 rows in set (0.00 sec)
    
    mysql> select password('foo');
    +-------------------------------------------+
    | password('foo')                           |
      [Read more...]
    Checking password strength using md5.rednoize.com and AJAX

    With some inspiration from Ben Ramsey I created a little demo for using my MD5 database during the signup process on a website.

    This example demonstrates the use of the MD5 database at http://md5.rednoize.com and AJAX to check password strength during signup on a website. After supplying a username and a password, an MD5 hash of the password is generated using Paul Johnston's md5 JavaScript library.

    The hash of the password (not the password itself) is then sent to http://md5.rednoize.com. If the website returns a result for the given password (hence the hash password combination is stored in the md5 database) it

      [Read more...]

    Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates

    Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.