Comments on: My Two Cents on MySQL Password Security

By: Craig Sylvester

Craig Sylvester — Wed, 10 Jun 2009 15:50:04 +0000

Hi Gerry,

Good tip. However, you need to include the “PASSWORD” keyword in step 3:

CREATE USER ‘name’@'host’ IDENTIFIED BY PASSWORD ‘*’

/Craig

By: Gerry

Gerry — Mon, 08 Jun 2009 17:17:40 +0000

PASSWORD() works, as long as you keep using it on the private server before re-using the hash value. I like SHOW GRANTS because it already shows you the whole GRANT command line which I can copy & paste … call my lazy.

By: Ronald Bradford

Ronald Bradford — Mon, 08 Jun 2009 16:00:43 +0000

That’s a good tip.

By: Mac

Mac — Fri, 05 Jun 2009 22:48:18 +0000

I think I usually use Tom’s method (ie PASSWORD() function), but it’s always good to know alternatives. Thanks for the info.

-Mac

By: Tom Krouper

Tom Krouper — Fri, 05 Jun 2009 21:55:29 +0000

Another option would be to just

SELECT PASSWORD(‘xxxxxx’);

The result will give you the hashed password. If you wanted to go crazy you could do something like…

SELECT CONCAT(“CREATE USER ‘name’@'host’ IDENTIFIED BY ‘”,password(‘xxxxx’),”‘;”);

And copy the whole line.