MySQL Database

ID #1020

Why is my database password encrypted with MySQL OLD_PASSWORD()?

Applies to: Grid System

MySQL 4.1 came out in 2004 and introduced a more secure password hashing scheme.  This new method is not compatible for applications that use, for example, PHP4.  We have kept using MySQL OLD_PASSWORD() since 2004 to keep customers' old applications working properly.  

PHP 5.3, available in our Debian 6 environment, uses a new driver, called mysqlnd, to communicate with MySQL. Mysqlnd does not work with passwords encrypted with OLD_PASSWORD().  So, we must begin transitioning to the new, better PASSWORD().

The transition plan varies depending on you situation:

  • Customers on Debian 6: Do nothing; you are already using the newest password hashing, and it is fully compatible with PHP 5.3
  • Customers on Debian 5: Submit a new database password.  It will be stored more securely and your applications will continue to work.  You can submit your current password for re-encryption if it meets our minimum password strength requirements.
  • Customers on Redhat 7: Either...
    • ...submit a new password, and be prepared to upgrade to a Debian environment immediately after updating your password. ( Recommended )
    • ...or keep your current database password.  You will be unable to add new databases in this state.  If you absolutely must change your password or add a database, contact support for a special exception.

Last update: 2011-04-05 15:55
Author: Thomas Connell
Revision: 1.2

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ