MySQL Manual
4 Database Administration
- 4.3 MySQL User Account Management
- 4.3.1
GRANTandREVOKESyntax - 4.3.2 MySQL User Names and Passwords
- 4.3.3 When Privilege Changes Take Effect
- 4.3.4 Setting Up the Initial MySQL Privileges
- 4.3.5 Adding New Users to MySQL
- 4.3.6 Limiting user resources
- 4.3.7 Setting Up Passwords
- 4.3.8 Keeping Your Password Secure
- 4.3.9 Using Secure Connections
- 4.3.1
4.3.2 MySQL User Names and Passwords
There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by Unix or Windows:
-
User names, as used by MySQL for authentication purposes, have
nothing to do with Unix user names (login names) or Windows user names. Most
MySQL clients by default try to log in using the current Unix user
name as the MySQL user name, but that is for convenience only.
Client programs allow a different name to be specified with the
-uor--useroptions. This means that you can't make a database secure in any way unless all MySQL user names have passwords. Anyone may attempt to connect to the server using any name, and they will succeed if they specify any name that doesn't have a password. - MySQL user names can be up to 16 characters long; Unix user names typically are limited to 8 characters.
- MySQL passwords have nothing to do with Unix passwords. There is no necessary connection between the password you use to log in to a Unix machine and the password you use to access a database on that machine.
-
MySQL encrypts passwords using a different algorithm than the
one used during the Unix login process. See the descriptions of the
PASSWORD()andENCRYPT()functions in section 6.3.6.2 Miscellaneous Functions. Note that even if the password is stored 'scrambled', and knowing your 'scrambled' password is enough to be able to connect to the MySQL server! From version 4.1, MySQL employs a different password and login mechanism that is secure even if TCP/IP packets are sniffed and/or the mysql database is captured.
MySQL users and their privileges are normally created with the
GRANT command. See section 4.3.1 GRANT and REVOKE Syntax.
When you login to a MySQL server with a command-line client you
should specify the password with --password=your-password.
See section 4.2.8 Connecting to the MySQL Server.
mysql --user=monty --password=guess database_name
If you want the client to prompt for a password, you should use
--password without any argument
mysql --user=monty --password database_name
or the short form:
mysql -u monty -p database_name
Note that in the last example the password is not 'database_name'.
If you want to use the -p option to supply a password you should do so
like this:
mysql -u monty -pguess database_name
On some systems, the library call that MySQL uses to prompt for a password will automatically cut the password to 8 characters. Internally MySQL doesn't have any limit for the length of the password.
