For some reason, when creating a MySQL user with empty password, it only allows connections if the user has the same name as a system user (Ubuntu Server 10.04, MySQL version 5.1.41). According to everything I have read so far, MySQL users ought to be completely separate from the system user accounts, so I'm not sure how to explain what's going on.
Am I doing something wrong? Is there some settings somewhere that affects this?
(Additional info:
I'm setting this up to only allow connections from the local network; some of the tools I'm using on a project require a user without a password.)
This seems likely to be a duplicate, though when I searched I couldn't find any previous question about this issue. If the same question HAS been asked before, I apologize.
here is something i found in mysql docs.
When you assign an account a nonempty password using SET PASSWORD, INSERT, or UPDATE, you must use the PASSWORD() function to encrypt the password, otherwise the password is stored as plaintext. Suppose that you assign a password like this:
mysql> SET PASSWORD FOR
-> 'username'#'localhost' = 'mypass';
The result is that the literal value 'mypass' is stored as the password in the user table, not the encrypted value. When user attempts to connect to the server using this password, the value is encrypted and compared to the value stored in the user table. However, the stored value is the literal string 'mypass', so the comparison fails and the server rejects the connection with an Access denied errorFirst have a user name (other than system name) with some password.
So have a user name of your choice with some passowrd and then use PASSWORD() function to set an empty password. The use of the function can be seen here.
Related
I'm using the mysql 8.0.15. i know there is one same question, but in the recent version mysql 8.0.11, PASSWORD function is removed. I'm trying to get back my root user password, i have got the encrypted string caching_sha2_passIBjIZxTzot5bM9bujMxG9orfl6Ctt.w2SDLZUzAsrxD0 how can i decrpyt it? Also i try to follow solutions from this to reset password, but without the password function, almost cannot proceed.
Passwords for authentication are stored in a way that's irrecoverable, it's a one-way hashing function that's applied. In this case it's SHA2.
There's no way to "unhash" this by design. The database entry contains just enough information to validate any given password, but not enough to tell you what the password is.
You can reset the password by disabling password checks and set a new password.
I have a remote device that must login to mySQL database, but will not permit special characters on the username field.
When I create a new username, it appends #databasename.
So for example if I create a user called testconnection, it wont work by itself, I must use testconnection#databasename as username.
How can I create a username that is not automatically appended the database name?
This is MySQL principle, you could fin the principle in the official document:Adding User Accounts. The # is used to specify your host.
It's not the azure mysql appends #hostname, actually it's %, account uses the % wildcard for the host part, so it can be used to connect from any host.
And if you create with like this code without hostname:
CREATE USER 'new_master_user' IDENTIFIED BY 'StrongPassword!';
it will append %.I add an user with % to make the error happens.
And in MySQL workbench you could find if you set the Limit to Hosts Matching null, it will prompt Host name must not be blank. So the hostname is a required parameter.
I have upgraded MariaDB 5.5 to 10.1 now and it says mysql uses secure-auth and change old password to new password. I have disabled secure-auth in my.cnf and able to login.
Now my question is how do I change old password to new password and enable secure-auth on the database.
suggest how do I do it.
I'm going to assume your MariaDB server doesn't have other users that you don't know the passwords for, and that you have requisite PRIVILEGES to modify users and set system level variables. Super_Priv may be enough :)
Note: You run the risk of locking yourself out, but as long as you are logged in, changing these won't log you out of your current session so you can recover if things go the wrong way, without having to restart. I always test with a second connection, because it is a buzzkill to lock yourself out of a database. Not that I would know anything about that.
Note2: I'd strongly recommend backing up the user table for safety with SQL similar to this:
CREATE TABLE mysql.user_backup_YYYYMMDD LIKE mysql.user;
INSERT INTO mysql.user_backup_YYYYMMDD SELECT * FROM mysql.user;
You can modify the "secure_auth" setting in real-time (so you don't have to restart your mariadb server) by changing the system variable "secure_auth" (if your user account has the required privileges) with the following sql (ie. run in a mysql client):
SET GLOBAL secure_auth="ON";
or
SET GLOBAL secure_auth="OFF";
To see what the current value is:
SHOW GLOBAL VARIABLES LIKE '%auth%';
To make it permanent through a reboot, change the value in your:
/etc/my.cnf.d/server.cnf (or possibly your /etc/my.cnf - hopefully it's not set in both, but it's worth checking)
[mysqld]
secure-auth=on
(Note: As you found out, changes in the .cnf won't be loaded until your mariadb server is restarted)
Once you enable auth_secure, users with "old passwords" won't be able to log in as they have been. The easiest approach, if possible, at the point is to upgrade the password types on all accounts to avoid any issues trying to support both.
You can view the current accounts and (encrypted) passwords with the following SQL:
SELECT user, host, password FROM mysql.user;
Before updating, you can verify that your password is what you think it is by comparing this sql to the PASSWORD field in the mysql.user table:
SELECT OLD_PASSWORD('What You Think Your Password Is');
And the same thing, but for the new passwords:
SELECT PASSWORD('newpass');
From there, you have options, but the normal way would be to set the passwords:
SET PASSWORD FOR 'foo'#'%' = PASSWORD('newpass');
where foo and % are the fields HOST and USER from the mysql.user table.
Another (funky) option would be to clear the passwords using the ALTER USER command and no INDENTIFIED BY clause as described here:
https://mariadb.com/kb/en/library/alter-user/
Obviously that could lead to security anti-joy.
You can also set the password fields by an update statement, for example, if you wanted to set it back to a saved value:
UPDATE mysql.user SET PASSWORD="SOME SAVED VALUE" where USER = "sqllove" and host = "localhost";
Or you could set it back to an "old password" format, if you know the password:
UPDATE mysql.user SET PASSWORD=OLD_PASSWORD("Old Password") where USER = "sqllove" and host = "localhost";
One (scary) nice thing about this approach is if you are setting a password for multiple users, you can do it in one command - for example, to make the password "easy" for people connecting on the same machine via localhost:
UPDATE mysql.user set PASSWORD=PASSWORD("easy") where host="localhost";
And to make sure your latest user changes are visible immediately, when done, some final SQL:
FLUSH privileges;
I'd stay logged into the MariaDB client the entire time - make changes, flush, test from another account, relog any services (they will continue to work even if something is wrong but will fail next login attempt) and once it's safe then log out.
Tip: If you are in unix and logged into the client and need to run a shell command, instead of logging out of your client, you can hit Ctrl-Z to get a shell prompt (suspending your client) program, and you can then run shell commands (ie. run a 2nd client! or restart services that connect to the database) and when ready, enter %1 to get back into the client (you might have to hit enter to reload the prompt). This works in most console programs in unix, not just the MariaDB client. If you do it repeatedly like Inception, the return command would be %2 and %3 and so on depending on how many levels you go down. But time won't go slower.
I am using MySQL workbench 6.2.3. I want limit user access to an individual database.When one trying to open a database after getting in a connection, he/she should enter user name and password. Is there any provision to grant access to a database after entering valid username and password?
There's no way to require an additional password for a user once he logged in. Control access via the normal MySQL login. The user name used for that can be configured to have only access to the objects you want. The used user name decides what is allowed and what is not.
For commercial MySQL editions you can also use the new MySQL Firewall, which allows only a set of previously learned queries to be run by a given user. It's not a second login, but you can fine tune access levels for a given user.
I am not sure if this is what you are trying to achieve but you can do the following to grant a user the access to a single database and all its tables.
You login as root with "mysql -u root"
Then execute : GRANT ALL PRIVILEGES ON SpecificUserDB.* To 'TheUser'#'yourserver' IDENTIFIED BY 'secretpwd';
Hope this helps.
Good Day
I am a front-end developer, and I know little from MySQL and databases.
I have a Wordpress MySQL database in CPanel. Now I forgot my password, and the password for my user as seen in phpmyadmin is hashed/encrypted.
How do I get the password?
NOTE: I do not have access to the Server since this is a website on a shared hosting account, so doing the following is not possible for me:
See this post on Stack
Stop the MySQL process.
Start the MySQL process with the --skip-grant-tables option.
Start the MySQL console client with the -u root option.
List all the users;
SELECT * FROM mysql.user;
Reset password;
UPDATE mysql.user SET Password=PASSWORD('[password]') WHERE User='[username]';
But DO NOT FORGET to
Stop the MySQL process
Start the MySQL Process normally (i.e. without the --skip-grant-tables option)
when you are finished. Otherwise, your database's security could be compromised.
If your website is working you can probably find the mysql user/password
in the config.php file in your wordpress filesystem.
Otherwise:
Your best option is probably to add a user to the database and give it the needed privileges, to do that:
Click MySQL databases.
Create new user.
Assign new user to your database.
Edit config.php on your wordpress filesystem and change to the new username.
This is sub optimal, but will work.
There is a simple way for you to gain access to your WordPress user info if you don't know the password. I'm assuming you are talking about a WordPress user password retrieval. You need to have access and edit privileges to your database to do this.
-Open up phpMyAdmin or however you prefer to access database tables
-Select your database
-Open the table wp_users
-Under the column 'user_login' you will need to find which entry you want to access. Your username should be in one of the row entries.
-Once found, there will be a 'user_pass' column as well. Now some explaining needs to happen. You cannot retrieve your password without hacking/brute forcing that encryption. These are MD5 hash encrypted passwords. What we are going to do is just simply create a new password here. All you have to do is Google "MD5 Hash generator". I tested this on the first result I found and it worked.
-Once you find a website with a generator just simply type in your password and then retrieve the hash that's given to you. For example I typed in 'password' and I receive '5f4dcc3b5aa765d61d8327deb882cf99' Now we have a new encrypted password to set. If you are worried about sites saving your password entries or hashes just make up a password as a temporary fix. Then you can just login with that and change the password via the WordPress Dashboard later.
-Select the row that your username is in. Click Change/Edit then just copy and paste the entire MD5 Hash into the wp_pass column.(Overwrite the old password btw.) Save/Go/Execute to make sure the table was re-written. In this example I would be pasting '5f4dcc3b5aa765d61d8327deb882cf99' into the column without quotes of course.
-Please be sure to only change the 'wp_pass' entry and to make sure it's corresponding to the correct username.(On the same row)
-Now you should be able to login with your new password.('password')