Incompatible PASSWORD implementation between MySQL Versions
Disclaimer
Yes, I know: don't use PASSWORD(password) to encrypt passwords.
I don't want to - right now I'm stuck with it as it's what my predecessor used before I arrived.
My issue is this
Recently, our MySQL servers went down and wouldn't come back up. I was then asked to set up one of our web servers as a MySQL server and import our latest backup to it. I quickly installed MySQL server and imported the database. The site was back up, everyone was happy.
Not for long: it seems that nobody can log in - from what I've read online there seem to be differences in the result of PASSWORD('some pass') between MySQL versions.
My question is this: aside from force-changing everyone's password and emailing it to them, is there some way for me to allow users to keep their old passwords?
If not then the time has come to bite the bullet, change everybody's passwords - but use SHA1 this time.
Just check the MySQL version. If it's >= 4.1, just use the OLD_PASSWORD() function instead of PASSWORD. (I won't go off about the abuses of those functions since you already know).
But one option is to let them log in with that old function, and then on success automatically update to something like a strong salted SHA1... And don't use the database hash function since you'd need to transmit the password in plain text in the query (which is not a good idea)...
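The migrate-on-login approach described in the answer above, as an added Python example (not code from the original posts): the legacy hash is computed in the application, so the plaintext never appears in a query. Assumptions: the stored values are the 16-hex-character pre-4.1 format, passwords are hashed as UTF-8 bytes, the function names and the `pbkdf2$` storage format are hypothetical, and PBKDF2-HMAC-SHA256 is used here in place of the salted SHA1 the answer mentions.

```python
import hashlib
import hmac
import os

def mysql_old_password(password: str) -> str:
    """Pre-4.1 PASSWORD() / OLD_PASSWORD() hash, returned as 16 hex chars."""
    nr, add, nr2 = 1345345333, 7, 0x12345671
    for byte in password.encode("utf-8"):
        if byte in (0x20, 0x09):  # the legacy algorithm skips spaces and tabs
            continue
        nr ^= ((((nr & 63) + add) * byte) + (nr << 8)) & 0xFFFFFFFF
        nr2 = (nr2 + (((nr2 << 8) & 0xFFFFFFFF) ^ nr)) & 0xFFFFFFFF
        add += byte
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)

def new_hash(password: str, salt: bytes = None, rounds: int = 200_000) -> str:
    """Salted, iterated hash stored as pbkdf2$rounds$salt_hex$digest_hex."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return "pbkdf2$%d$%s$%s" % (rounds, salt.hex(), digest.hex())

def verify_and_upgrade(stored: str, password: str):
    """Return (ok, replacement). replacement is a new hash to write back to
    the user's row after a successful legacy login, otherwise None."""
    if stored.startswith("pbkdf2$"):
        _, rounds, salt_hex, _ = stored.split("$")
        candidate = new_hash(password, bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(candidate, stored), None
    # Legacy row: compare in constant time, then re-hash while we still
    # hold the plaintext from the login form.
    ok = hmac.compare_digest(mysql_old_password(password), stored.lower())
    return ok, (new_hash(password) if ok else None)

if __name__ == "__main__":
    # Constructed sample row: legacy hash of the password "a".
    row = {"user": "alice", "pw": "60671c896665c3fa"}
    ok, replacement = verify_and_upgrade(row["pw"], "a")
    if ok and replacement:
        row["pw"] = replacement  # in practice: a parameterised UPDATE
    print(ok, row["pw"][:20] + "...")
```

Rows that never log in keep their legacy hash, so the old column format has to stay readable until those accounts are reset or expired.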