Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16238

root/localhost authn prioritizes authentication_string over Password

    XMLWordPrintable

Details

    Description

      update mysql.user set authentication_string=password('two') where user='root' and host='localhost';
      		 
      set password for 'root'@'localhost' = password("one");
      		 
      flush privileges;

      ^^ You’ll be unable to log in as root/localhost after the above using “one” as the password, but “two” will work.

      A preexisting authentication_string should not take priority over the result of SET PASSWORD FOR.

      This is a problem for installations that are migrated from MySQL 5.7 because these can still have authentication_string values around.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16774 SET PASSWORD and ALTER USER with slightly different results

          • Major - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16350 CLONE - root/localhost authn prioritizes authentication_string over Password

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              serg Sergei Golubchik
              fgasper Felipe Gasper
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.