Error while executing the PASSWORD function in MySQL Server version 8.0.12
I have the following query:
SELECT *
FROM users
WHERE login = 'FABIO'
AND pwd = PASSWORD('2018')
LIMIT 0, 50000
I am getting this error:
Error Code: 1064. You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right
syntax to use near
If you need a replacement hash to match the password() function, use this: SHA1(UNHEX(SHA1()));
E.g.
mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass') |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+
and replacement that gives the same answer in version 8:
mysql> SELECT CONCAT('*', UPPER(SHA1(UNHEX(SHA1('mypass')))));
+-------------------------------------------------+
| CONCAT('*', UPPER(SHA1(UNHEX(SHA1('mypass'))))) |
+-------------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------------+
OP's MySQL Server version is 8.0.12. From MySQL Documentation, PASSWORD function has been deprecated for version > 5.7.5:
Note
The information in this section applies fully only before MySQL 5.7.5,
and only for accounts that use the mysql_native_password or
mysql_old_password authentication plugins. Support for pre-4.1
password hashes was removed in MySQL 5.7.5. This includes removal of
the mysql_old_password authentication plugin and the OLD_PASSWORD()
function. Also, secure_auth cannot be disabled, and old_passwords
cannot be set to 1.
As of MySQL 5.7.5, only the information about 4.1 password hashes and
the mysql_native_password authentication plugin remains relevant.
Instead, of the PASSWORD function, you can use much better and secure encryption functions from here. More details from the MySQL server team can be seen here.
With MySQL 8.0.22, I had to do the following:
update /etc/mysql/my.cnf and add lines:
[mysqld]
skip-grant-tables
restart mysql and run some queries:
> systemctl restart mysql
> sudo mysql
mysql> UPDATE mysql.user SET authentication_string=null WHERE User='root';
FLUSH PRIVILEGES;
mysql> exit;
log in again and update the password:
> mysql -u root
mysql> ALTER USER 'root'#'localhost' IDENTIFIED WITH caching_sha2_password BY 'my password';
mysql> FLUSH PRIVILEGES;
update /etc/mysql/my.cnf and remove the line skip-grant-tables
> systemctl restart mysql
Finally, test
> mysql -u root -p
you may create another function that is similar to PASSWORD
SET GLOBAL log_bin_trust_function_creators = 1;
delimiter $$
CREATE FUNCTION PASSWORD2 (pass_in varchar(50)) RETURNS varchar(50)
BEGIN
declare n_pass varchar(50);
set n_pass = CONCAT('*', UPPER(SHA1(UNHEX(SHA1(pass_in)))));
return n_pass;
END$$
Then
SELECT PASSWORD2("my_super_scret_password") FROM MyUserTable ....
Related
I am not able to connect a MySQL server remotely.
The connection seems to be ok because with telnet [ip] [port] I get response:
4.1.3b-beta-nt-max▒ <0v '[uZ,? B {efSLa $, Q4N
When executed by command line or by MySQL Workbench 6.3
mysql -u [user] -p -h [host]
I get the same error:
ERROR 2027 (HY000): Malformed packet
It is a mysql client bug, I've searched about it and it is a old auth switch request. Your client it is out of date, using a old protocol communication, now, if it is a Workbench problem too your just the Client, you need to update or downgrade the MySQL Client first and try to run it alone.
Here, it is the same question with a more complete answer:
https://dba.stackexchange.com/questions/135343/server-responds-with-empty-packet-during-session-negotiation-resulting-in-client
And, for the new Auth protocol, on connection phase:
https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase.html
You must upgrade the "old_password" hashed password:
SET PASSWORD FOR 'existinguser'#'localhost' = PASSWORD('existingpass');
So you can login in an "old" MySQL server, using a recent Workbench version
If you need to connect to pre-4.1 MySQL servers from later MySQL versions (5.7+), you will need to use "--skip-secure-auth" option from the client. And the client version cannot be newer than v5.7.4 because this option had been removed in 5.7.5. You can download version 5.7.4_m14 from mysql's archive website. For example,
$ mysql -uuser -p -hserver --skip-secure-auth
I had the same error trying to connect to a MariaDB server with the MySQL client mysql-client. I solved it by installing mariadb-client (that overwrites the mysql binary, so use the same command to connect).
I did face this issue for normal select query. It was weird that when I was using small-case 's' in the query statement, it was giving me the same error. The I figured out that this happens as internally it is trying to retrieve the data from mysql cache.
It was not because of the case of 's' in the select query.
//Returned Error
select * from foo;
//This worked fine
Select * from foo;
//This also worked fine
select SQL_NO_CACHE * from foo;
From this I was able to conclude that it was the issue as it was using Cached data.
I've faced the same issue with latest MySQL Client (>5.7) while trying to connect lower versions of MySQL like 5.1.xx.
To avoid this issue (ERROR 2027 (HY000): Malformed packet), create a user with latest password authentication.
ex:
Login to MySQL 5.1.xx server and execute..
mysql> create user 'testuser'#'xx.xx.xxx.%' identified by 'testuser_Secret1';
Check if you have old_passwords enabled, then disable it for that session.
mysql> show session variables like 'old_passwords';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| old_passwords | ON |
+-----------------+-------+
mysql> set session old_passwords = 0;
mysql> GRANT select on test.* TO 'testuser'#'xx.xx.xxx.%' identified by 'testuser_Secret1';
Verify password that should begin with "*SOMETHING1123SHOWNBELOW3034".
mysql> select user,host,password from mysql.user where user = 'testuser';
+-----------+---------------+-------------------------------------------+
| user | host | password |
+-----------+---------------+-------------------------------------------+
| testuser | xx.xx.xxx.% | *053CB27FDD2AE63F03D4A0B919E471E0E88DA262 |
+-----------+---------------+-------------------------------------------+
Now try logging from MySQL 5.7.xx Client and try to establish a connection to MySQL 5.1.xx server.
[testuser#localhost]# mysql -V
mysql Ver 14.14 Distrib 5.7.31, for Linux (x86_64) using EditLine wrapper
[testuser#localhost]# mysql -hxx.xx.xxx.xxx -u testuser -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1528853
Server version: 5.1.73-log Source distribution
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
For the people that has this error when the execute the query (not when connecting to DB), the problem is the cache configuration in database.
You can find the bug description here:
https://bugs.mysql.com/bug.php?id=86318
The solution:
disable the cache configuration:
query_cache_limit = 0
query_cache_size = 0
query_cache_type = 0
In the long term there are no negative repercussions, since the latest versions of MySQL no longer support this feature. With little data the cache works correctly, but in large quantities it generates a bottleneck.
More info about the cache removed from mysql 8.0:
https://mysqlserverteam.com/mysql-8-0-retiring-support-for-the-query-cache/
i solved this issue. i was facing this issue in my PHP 7.2. First i created a new user and upgrade it in my script. Then i upgrade PHP 7.2 to 7.3. And it worked. :)
Following (https://docs.wso2.com/display/Governance450/Setting+up+with+MySQL) instructions I get an error:
mysql> -u regadmin -p -Dregdb < 'D:\Programs\wso2greg-5.1.0\dbscripts\mysql.sql';
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-u regadmin -p -Dregdb < 'D:\Programs\wso2greg-5.1.0\dbscripts\mysql.sql'' at line 1
the steps are:
create database regdb character set latin1;
GRANT ALL ON regdb.* TO regadmin#localhost IDENTIFIED BY "regadmin";
FLUSH PRIVILEGES;
use regdb
show tables;
quit;
Iv'e confirmed drivers copied across - mysql_connector_java_5.1.38_bin_1.0.0.jar.
Iv'e confirmed default datasource updated - master-datasources.xml.
I didn't config any new datasources - I dont think I need them.
I then attempted to create database tables but get error above. Running "wso2server.bat -Dsetup" just generates following exception, which I assume is because I have no tables.
[2015-12-10 18:00:41,251] ERROR {org.wso2.carbon.user.core.util.DatabaseUtil} - Database Error - Incorrect string value: '\xE2\x80\x91200...' for column 'UM_DESCRIPTION' at row 1 java.sql.SQLException: Incorrect string value: '\xE2\x80\x91200...' for column 'UM_DESCRIPTION' at row 1
I'm guessing its going to be something trivial - I just don't see it. Ive tried playing around with the mysql syntax but to no avail. I note Governance450 docs say the tables are auto created. I assume the 460 is a valid correction?
-- update
part solved: not sure exactly what was wrong above (if anything). But following did create tables: (> from dos prompt, mysql> from mysql prompt)
> mysql -u root -p
--mysql> drop database if exists regdb;
mysql> create database regdb character set latin1;
--mysql> DROP USER ‘regadmin’#‘localhost’;
mysql> CREATE USER 'regadmin'#'localhost' IDENTIFIED BY 'regadmin';
mysql> GRANT ALL PRIVILEGES ON regdb.* TO 'regadmin'#'localhost';
> mysql -u regadmin -p
mysql> use regdb
mysql> source D:\Programs\wso2greg-5.1.0\dbscripts\mysql.sql;
mysql> show tables;
The steps I followed that eventually worked for me were:-
> mysql -u root -p
--mysql> drop database if exists regdb;
mysql> create database regdb;
--mysql> DROP USER ‘regadmin’#‘localhost’;
mysql> CREATE USER 'regadmin'#'localhost' IDENTIFIED BY 'regadmin';
mysql> GRANT ALL PRIVILEGES ON regdb.* TO 'regadmin'#'localhost';
> mysql -u regadmin -p
mysql> use regdb
mysql> source D:\Programs\wso2greg-5.1.0\dbscripts\mysql.sql;
mysql> show tables;
where
Dos prompt >
mysqlprompt mysql>
I have not been introduced to mysql, but had to work with it. I installed it and tried to run this:
mysql> CREATE TABLE h7vsk1200001 (quid VARCHAR(15), suid VARCHAR(15), iden FLOAT, alen INT, mism INT, gapo INT, qsta INT, qend INT, ssta INT, send INT, eval FLOAT, bits INT);
Which I understand is the basis for a table, with its names for columns and its datatypes. Whenever I run it, I get this error message:
bash: error sintáctico cerca del elemento inesperado `('
By the way, I'm using Ubuntu 14.04 if that matters. Also, if I try to run the CREATE TABLE command without arguments I get:
$ mysql> CREATE TABLE
ERROR 1045 (28000): Access denied for user 'carlos'#'localhost' (using password: NO)
Consider that I have little experience with bash and no experience with mysql (as you may have denoted)
You first need to launch the mysql shell. You can't run queries like this in bash: you need to use a MySQL client. You're getting the first error because bash is trying to parse the parentheses, and the second error is the result of you running the mysql command while piping (>) the output to a new file called CREATE.
Note you're getting the ACCESS DENIED because you apparently don't have access as the user carlos without a password. Use mysql -u myusername -p to log in with username myusername and to have mysql prompt for a password.
thom#lethe-arch:~$ # bash shell
thom#lethe-arch:~$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 443
Server version: 10.0.14-MariaDB-log MariaDB Server
Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.01 sec)
mysql> -- type queries here
(Note: MariaDB is a fork of MySQL and behaves exactly the same)
Seems you have to create a user 'carlos' and allow necessary permissions like:
mysql> use mysql;
mysql> CREATE USER 'carlos'#'localhost' IDENTIFIED BY 'yourpassword';
mysql> GRANT ALL PRIVILEGES ON . TO 'carlos'#'localhost' WITH GRANT OPTION;
My question is simple, can I GRANT permission to ALL (as in any user with any pwd coming from any machine) users ?
I know it COULD BE problematic in some cases. But ours is a demo database, with users unknown. So please spare us the rod.
From what I know and what I have tried the Answer is NO, we can not do it. I am posting this question to confirm my understanding.
AFAIK, we can't. Is there a way to hack around this ?
As people have said in the comments - this is probably a bad idea. But, I thought, why not have a crack and see how it can be done.
The most simple place to start would be to create a MySQL user without a username:
GRANT ALL ON *.* TO ''#'%' IDENTIFIED BY '';
This will let you login with any username - and a blank password. This might be what some people are looking for - but it sounds like you want any username any password.
To do that - I suggest using mysql-proxy. I would download the source code. If you're on Ubuntu then you will need the following packages to build it:
apt-get install libmysqlclient-dev \
pkg-config \
lua5.1 liblua5.1-0-dev liblua5.1-0 \
libglib2.0-dev \
libevent-1.4-2 libevent1-dev
If you do compile it then you'll need to run /sbin/ldconfig afterwards as root.
Then we can write a lua script to set the username and password for every connection. The mysql-proxy client has some example scripts, but the relevant examples/tutorial-scramble.lua file is old and doesn't work with the current version. You can use the following script:
local CLIENT_PROTOCOL_41 = 512 -- New 4.1 protocol
local CLIENT_SECURE_CONNECTION = 32768 -- New 4.1 authentication
local MYSQL_AUTH_CAPABILITIES = ( CLIENT_PROTOCOL_41 + CLIENT_SECURE_CONNECTION )
local password = assert(require("mysql.password"))
local proto = assert(require("mysql.proto"))
function read_auth()
local c = proxy.connection.client
local s = proxy.connection.server
local challenge = (s.scramble_buffer):sub(1,20)
local default_username = "foo"
local default_password = "bar"
proxy.queries:append(1,
proto.to_response_packet({
username = default_username,
response = password.scramble(challenge, password.hash(default_password)),
charset = 8, -- default charset
database = c.default_db,
max_packet_size = 1 * 1024 * 1024,
server_capabilities = MYSQL_AUTH_CAPABILITIES
})
)
return proxy.PROXY_SEND_QUERY
end
Save this as any-user-any-pass.lua or something. Then you will need to create the user in the database which I refer to in the script (username foo, password bar):
GRANT ALL ON *.* TO 'foo'#'localhost' IDENTIFIED BY 'bar';
Then we can start up mysql-proxy - we will connect it to the local mysql server on port 3306 and it will listen on port 3307. Use a command similar to this:
mysql-proxy --proxy-lua-script=`pwd`/any-user-any-pass.lua \
--proxy-backend-addresses=localhost:3306 \
--proxy-address=localhost:3307
Test it out in a different terminal:
ubuntu#test:~$ mysql -h 127.0.0.1 -P 3306 -u ANYTHING -pSOMETHING
ERROR 1045 (28000): Access denied for user 'ANYTHING'#'localhost' (using password: YES)
ubuntu#test:~$ mysql -h 127.0.0.1 -P 3307 -u ANYTHING -pSOMETHING
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 752
Server version: 5.5.29-0ubuntu1 (Ubuntu)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| foo#localhost |
+----------------+
1 row in set (0.00 sec)
mysql>
As you can see - first I test connecting straight to MySQL - it rejects the ANYTHING/SOMETHING credentials. Then I connect to the MySQL proxy on 3307 and it lets me straight in because the lua script is changing the username and password the connection is using.
I've just downloaded and installed WAMPserver 2.1 and I want to set a password for the MySQL 5.5.8 database. I'm doing a tutorial at lynda.com and the tutor (Kevin Skoglund) instructions to type:
mysql> use mysql
Database changed
mysql> UPDATE user
-> SET Password = PASSWORD('paSSword')
-> WHERE user = 'root';
When I hit enter, I get this error about the WHERE statement:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right syntax to use
near 'WHERE' user='root'; at line 2
Does anyone know the correct syntax for the WHERE statement? His lessons were done in 2007, so I guess the syntax has changed because it worked for him in the video. This line was returned for him:
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql>
Thanks
This works on my test server:
mysql> UPDATE user SET password=PASSWORD('newpassword') WHERE user ='root';
mysql> Query OK
You are trying to set Password instead of password (lowercased)
Shai.
I was having the same problem with the same lynda.com tutorial. The solution is:
UPDATE mysql.user SET Password=PASSWORD('cleartext password')
WHERE User='root';
FLUSH PRIVILEGES;
Login to mysql as root, then
SET PASSWORD FOR 'user-name-here'#'hostname-name-here' = PASSWORD('new-password-here');
For a real scenario
SET PASSWORD FOR 'user_test'#'localhost' = PASSWORD('hello');
I was having exactly the same problem, the problem was solved as follows:
UPDATE mysql.user SET Password=PASSWORD('YourPassword') WHERE User='root';
NOTE: The problem was that I put <>(angle brackets) instead of () (round brackets) into the program, I know it sounds really dumb, but this is what happened. Because () and <> appear to look the same on command line, I messes them up.
This code:
UPDATE user SET password=PASSWORD('newpassword') WHERE user ='root';
Will compile (for want of a better word), but is very insecure code:
Here's what the MySQL manual says about it:
Note
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.
If you insist on storing passwords in your database, you should always salt them and use a secure hash.
MD5 and SHA1 are no longer secure. In 2005 (!) Bruce Scheier, a leading expert on this topic said: "It's time for us all to migrate away from SHA-1."
I suggest using SHA2 with a 512 bits hash length.
$user = mysql_real_escape_string($_POST['user']);
$password1 = mysql_real_escape_string($_POST['password1']);
$password2 = mysql_real_escape_string($_POST['password2']);
$oldpassword = mysql_real_escape_string($_POST['oldpassword']);
if not(empty($password1) and ($password1 == $password2) {
$update = "UPDATE user
SET passhash = SHA2(CONCAT(id,'$password1'),512)
WHERE user = '$user' AND passhash = SHA2(CONCAT(id,'$oldpassword'),512)";
This ensures that the user can only change the password when he knows the old password.
The salt needs to be stored in the same row as the password, but does not need to be secret.
Just make sure you prefix it to the password.
Testing the password works like:
SELECT * FROM user
WHERE username = 'root'
AND passhash = SHA2(CONCAT(id,'passwordexample'),512)