如何从 MySQL 旧密码升级到新密码系统

2022-01-22 00:00:00 passwords mysql

我在 mysql server 5.0 中有很多用户(特权).我想将它们全部转移到新的 MySQL 服务器 5.5 中.但是密码是旧格式的(在`mysql`.`user`表中).所以我想将所有旧密码转换为新格式.

I have a lot of users (privilages) in mysql server 5.0 . I want to transfer all of them into new MySQL server 5.5 . But the passwords are in old format (in `mysql`.`user` table). So I want to convert all old passwords to new format.

有什么方法可以在不更改 MySQL 密码的情况下转移和升级它们?

Is there any way to transfer and upgrading the MySQL passwords without changing them?

推荐答案

假设你知道密码就可以了

Assuming you know the password you can

set password = password('samepasswordasbefore');

在服务器或会话的 old_passwords 设置为关闭之后.

after old_passwords has been set to off for the server or the session.

set old_passwords = 'OFF';

set [session] old_passwords = 'OFF';

服务器不关心/知道它与以前的密码相同.

The server does not care/know that it is the same password as before.

因此,运行软件没有风险,但从安全角度来看,您应该更改密码,因为旧密码可能已被泄露.当然,强制它们定期更改会更好,在这种情况下,您可以将 old_passwords 设置为 OFF 并等待.

As a result there is no risk to running software though from a security perspective you should change the passwords as the old one may have been compromised. Of course it would be even better to be forcing them to change periodically in which case you could just set old_passwords OFF and wait.

批量设置密码不会那么容易,但如果 old_passwords 已关闭一段时间,则用户中应该只有少数具有旧短哈希的帐户.您至少可以将未更新的那些标识为用户表中具有较短散列的那些.

Doing the set password in bulk isn't going to be so easy but if old_passwords has been OFF for some time there should only be a few accounts with old short hashes in user. You can at least identify those that have not been updated as those with a shorter hash in the user table.

相关文章