MySQL removed support for 4.1 style passwords from 5.6 and so caused alot of trouble when migrating old mysql accounts to new mysql.
So before the migration, i need to discover mysql users with too weak passwords. Anyone know how to do it on Linux (this is CentOS and My$QL 5.5.6)?
Can i as a root discover plain text passwords (without manually finiding the password in the appropriate configuration.php file of the user) ?
It could be argued that if you are storing passwords in cleartext you have more to be concerned about than how strong or weak they are.
IMHO the most urgent task would be to get them to be encrypted. True, they could still be checked with the Password Validation Component though I’m not sure how I would go about addressing the problem retro after the fact. I think I would be tempted to put the more secure code in place and require all existing accounts to resubmit their credentials.