Bug #75904 Outdated documentation for password hash changes
Submitted: 15 Feb 2015 9:08 Modified: 8 Apr 2015 15:48
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version:5.7 OS:Any
Assigned to: Paul DuBois CPU Architecture:Any
Tags: obsolete, outdated

[15 Feb 2015 9:08] Daniël van Eeden
Description:
https://dev.mysql.com/doc/mysql-security-excerpt/5.7/en/application-password-use.html

This belongs in the manual for 5.0 and maybe up to 5.6, but in 5.7 it's obsolete.

This is because of the changes for the old_passwords and secure_auth settings. Also the post-4.1 (mysql_native_password) format has been in use for ages.

How to repeat:
Read docs

Suggested fix:
Remove section from the 5.7 manual
[16 Feb 2015 14:01] MySQL Verification Team
Thank you for the bug report.
[17 Feb 2015 13:51] Paul DuBois
The stuff you mention is present in the initial 5.7 releases and not removed until 5.7.5, yes?
[17 Feb 2015 14:33] Paul DuBois
I'm closing this a premature for 5.7. I'll make a note that it should be removed for 5.8.
[17 Feb 2015 14:42] Daniël van Eeden
old_passwords=1        Removed in 5.7.5
secure_auth=0          Notice in manual since 5.1, Deprecated in 5.6, Removed in 5.7.5
PASSWORD()             Deprecated in 5.7.x, accidentally removed in 5.7.6 (Bug #75928
OLD_PASSWORD()         The mentioned page warns about possible deprecation.
mysql_old_passwords    Deprecated in 5.6, Removed in 5.7

This article talks about upgrading from MySQL 4.0 or older to 4.1 and up. There is no direct upgrade path from 4.0 to 5.7. The path is: 4.0 -> 4.1 -> 5.0 -> 5.1 -> 5.5 -> 5.6 -> 5.7.

I don't think this upgrade is very common and should be documented for the appropriate step (4.0 -> 4.1) and optionally in a few more versions as a convenience.

So it should be removed or rewritten to take the 5.7.5+ situation in account.
[17 Feb 2015 14:45] Daniël van Eeden
Set to open as the current text is wrong for 5.7.5+
[8 Apr 2015 15:48] Paul DuBois
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly.

Upon further consideration, I agree with you and am removing this section in the 5.7 refman. The PASSWORD() description has been updated in the meantime with deprecation and "do not use" information that I think covers whatever value the removed section may have had.
(http://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password)