I\'m using Linux (Ubuntu) After create a database I create 2 users; John and Mar

Question

I'm using Linux (Ubuntu) After create a database I create 2 users; John and Mark using two command:

1) INSERT INTO mysql.user (User,Host,authentication_string,ssl_cipher,x509_issuer,x509_subject)VALUES('john','localhost','password','','','');

2) INSERT INTO mysql.user (User,Host,authentication_string,ssl_cipher,x509_issuer,x509_subject)VALUES('mark','localhost',PASSWORD('password'),'','','');

my question: Is there any difference between how the authentication strings are stored for the 2 users? Which one is better, and why? Thank you

Explanation / Answer

Your first query stores authentication_string in plain text format whereas second on makes hash of your plain text. Encryption performed by PASSWORD() is one-way (not reversible), also it is used by the authentication system in MySQL Server, you should not use it in your own application. When second query if fired, the conversion output is generated in server log file. So whoever has access to that file can get password string.

Hence, my recommendation is, if you are building your own application create your own encryption method and store encrypted password, when retrieving decrypt the string.

Note: PASSWORD() function is deprecated as of MySQL 5.7.6 and will be removed in a future MySQL release.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects