| Bug #69885 | old_passwords should only by a session variable | ||
|---|---|---|---|
| Submitted: | 31 Jul 2013 23:51 | Modified: | 21 Apr 2014 19:09 |
| Reporter: | Alfie John | Email Updates: | |
| Status: | Not a Bug | Impact on me: | |
| Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
| Version: | 5.6.12 | OS: | Linux (Debian) |
| Assigned to: | CPU Architecture: | Any | |
| Tags: | old_passwords | ||
[1 Aug 2013 23:13]
Alfie John
As for my suggested fix, and noted in #69889, it looks like you CAN set old_passwords, but only if you do not log in with a pre-4.1.1 account.
[21 Apr 2014 19:09]
Sveta Smirnova
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/ and the instructions on how to report a bug at http://bugs.mysql.com/how-to-report.php Please read at http://dev.mysql.com/doc/refman/5.6/en/set-statement.html: ----<q>---- If you change a global system variable, the value is remembered and used for new connections until the server restarts. (To make a global system variable setting permanent, you should set it in an option file.) The change is visible to any client that accesses that global variable. However, the change affects the corresponding session variable only for clients that connect after the change. The global variable change does not affect the session variable for any client that is currently connected (not even that of the client that issues the SET GLOBAL statement). ----</q>----
Description: The old_passwords system variable has global and session scope. The documentation says: "A value of 0 (or OFF) causes passwords to be encrypted using the format available from MySQL 4.1 on. A value of 1 (or ON) causes password encryption to use the older pre-4.1 format." However changing the global scope is entirely useless. How to repeat: mysql> SET @@GLOBAL.old_passwords=0; SET @@SESSION.old_passwords=0; mysql> SELECT @@GLOBAL.old_passwords, @@SESSION.old_passwords, PASSWORD('testpw'), OLD_PASSWORD('testpw')\G *************************** 1. row *************************** @@GLOBAL.old_passwords: 0 @@SESSION.old_passwords: 0 PASSWORD('testpw'): *032169CDF0B90AF8C00992D43D354E29A2EACB42 OLD_PASSWORD('testpw'): 12ab181d57a7f4be mysql> SET @@GLOBAL.old_passwords=0; SET @@SESSION.old_passwords=1; mysql> SELECT @@GLOBAL.old_passwords, @@SESSION.old_passwords, PASSWORD('testpw'), OLD_PASSWORD('testpw')\G *************************** 1. row *************************** @@GLOBAL.old_passwords: 0 @@SESSION.old_passwords: 1 PASSWORD('testpw'): 12ab181d57a7f4be OLD_PASSWORD('testpw'): 12ab181d57a7f4be mysql> SET @@GLOBAL.old_passwords=1; SET @@SESSION.old_passwords=0; mysql> SELECT @@GLOBAL.old_passwords, @@SESSION.old_passwords, PASSWORD('testpw'), OLD_PASSWORD('testpw')\G *************************** 1. row *************************** @@GLOBAL.old_passwords: 1 @@SESSION.old_passwords: 0 PASSWORD('testpw'): *032169CDF0B90AF8C00992D43D354E29A2EACB42 OLD_PASSWORD('testpw'): 12ab181d57a7f4be mysql> SET @@GLOBAL.old_passwords=1; SET @@SESSION.old_passwords=1; mysql> SELECT @@GLOBAL.old_passwords, @@SESSION.old_passwords, PASSWORD('testpw'), OLD_PASSWORD('testpw')\G *************************** 1. row *************************** @@GLOBAL.old_passwords: 1 @@SESSION.old_passwords: 1 PASSWORD('testpw'): 12ab181d57a7f4be OLD_PASSWORD('testpw'): 12ab181d57a7f4be Suggested fix: The old_passwords system variable should only have session scope. If done however, if it would nice if old_passwords could then be set via a config file and the command line. Otherwise, if you don't like the default value, you're stuck.