Hello,
MySQL removed support for 4.1 style passwords from 5.6 and so caused alot of trouble when migrating old mysql accounts to new mysql.
So before the migration, i need to discover mysql users with too weak passwords. Anyone know how to do it on Linux (this is CentOS and My$QL 5.5.6)?
Can i as a root discover plain text passwords (without manually finiding the password in the appropriate configuration.php file of the user) ?
“How can I crack an old mySQL database”
… sorry, not going to be much help here. Potential for abuse wayyyyyy too high on that one.
Politely inform your users they should all be using super secure passwords, and trust them to be idiots anyway.
It could be argued that if you are storing passwords in cleartext you have more to be concerned about than how strong or weak they are.
IMHO the most urgent task would be to get them to be encrypted. True, they could still be checked with the Password Validation Component though I’m not sure how I would go about addressing the problem retro after the fact. I think I would be tempted to put the more secure code in place and require all existing accounts to resubmit their credentials.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.