How can I programmatically verify a password in newer versions of MySQL?

允我心安 submitted on 2021-01-29 06:53:55

Question


In newer versions of MySQL there is a pluggable authentication system. Previously there was the PASSWORD function that could generate the hash found in user.authentication_string, but that function has been removed in later versions (8.0.11 AFAICT) of MySQL.

If I would like to verify a user's password (without actually logging in - since a user may not be able to log in from the host that I'm on), is there a way to do that using modern MySQL?


Answer 1:


> If I would like to verify a user's password (without actually logging in - since a user may not be able to log in from the host that I'm on), is there a way to do that using modern MySQL?

The PASSWORD(..) function seems to be the same as using this SQL: CONCAT('*', UPPER(SHA1(UNHEX(SHA1(..)))))

I don't know what you use the password for, but you should not use it for your passwords for your application.

Note

PASSWORD() is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider a more secure method

Query

  SELECT
        PASSWORD('password')
      , CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password'))))) 
      , PASSWORD('password') = CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password')))));

Result

| PASSWORD('password')                      | CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password'))))) | PASSWORD('password') = CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password'))))) |
| ----------------------------------------- | ------------------------------------------------- | ------------------------------------------------------------------------ |
| *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19         | 1                                                                        |

see demo

A better test seems to confirm it.

Query

SELECT
   HEX(number_generator.number) AS 'password'
 , PASSWORD(HEX(number_generator.number))
 # notice that HEX(number_generator.number) below is the "password" here             
 , CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) ))))) 
 , PASSWORD(HEX(number_generator.number)) = CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) )))))                                  
FROM (                                                                 
  SELECT 
   @row := @row + 1 AS number
  FROM (
    SELECT 0 UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9
  ) row1
  CROSS JOIN (
    SELECT 0 UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9
  ) row2
  CROSS JOIN (
    SELECT @row := 0 
  ) init_user_params
) AS number_generator 

Results

| password | PASSWORD(HEX(number_generator.number))    | CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) ))))) | PASSWORD(HEX(number_generator.number)) = CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) ))))) |
| -------- | ----------------------------------------- | --------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| 1        | *E6CC90B878B948C35E92B003C792C46C58C4AF40 | *E6CC90B878B948C35E92B003C792C46C58C4AF40                             | 1                                                                                                              |
| 2        | *12033B78389744F3F39AC4CE4CCFCAD6960D8EA0 | *12033B78389744F3F39AC4CE4CCFCAD6960D8EA0                             | 1                                                                                                              |
| 3        | *C4E74DDDC9CC9E2FDCDB7F63B127FB638831262E | *C4E74DDDC9CC9E2FDCDB7F63B127FB638831262E                             | 1                                                                                                              |
| 4        | *908BE2B7EB7D7567F7FF98716850F59BA69AA9DB | *908BE2B7EB7D7567F7FF98716850F59BA69AA9DB                             | 1                                                                                                              |
| 5        | *7534F9EAEE5B69A586D1E9C1ACE3E3F9F6FCC446 | *7534F9EAEE5B69A586D1E9C1ACE3E3F9F6FCC446                             | 1                                                                                                              |
| 6        | *C3AB9ECDF746570BBF9DCAA9DB3586D25956DC93 | *C3AB9ECDF746570BBF9DCAA9DB3586D25956DC93                             | 1                                                                                                              |
| 7        | *23E7A7428138939FBE2F69D23E5B87383EFD83C9 | *23E7A7428138939FBE2F69D23E5B87383EFD83C9                             | 1                                                                                                              |
| 8        | *6AF37A8C78E3A957D16D98F12788D1CFB2987A4C | *6AF37A8C78E3A957D16D98F12788D1CFB2987A4C                             | 1                                                                                                              |
| 9        | *7E9FDC7F61153649AB9A75CED26807DF74F86E65 | *7E9FDC7F61153649AB9A75CED26807DF74F86E65                             | 1                                                                                                              |
| A        | *26307F6B5CDB40C15C247B96C131CC1E0B3FFD1B | *26307F6B5CDB40C15C247B96C131CC1E0B3FFD1B                             | 1                                                                                                              |
| B        | *693EFD3BD44CCBA9924731C2DB18ADB8825C0B0A | *693EFD3BD44CCBA9924731C2DB18ADB8825C0B0A                             | 1                                                                                                              |
| C        | *8B1F657800F87E02617CD07126FDCF7B9F13E955 | *8B1F657800F87E02617CD07126FDCF7B9F13E955                             | 1                                                                                                              |
| D        | *3F7A80713CAA5954D376F883C83B8E4FEFEAF72C | *3F7A80713CAA5954D376F883C83B8E4FEFEAF72C                             | 1                                                                                                              |
| E        | *1355D7A5CA049A2A7FA92669438A10C77D4FB706 | *1355D7A5CA049A2A7FA92669438A10C77D4FB706                             | 1                                                                                                              |
| F        | *2201A8B92856ABC4CDA3731B6D3AC61EEC87916C | *2201A8B92856ABC4CDA3731B6D3AC61EEC87916C                             | 1                                                                                                              |
| ...      | ...                                       | ...                                                                   | ...                                                                                                            |
| 53       | *30E6AFC81FB2DB79651D461029189713DDD2D847 | *30E6AFC81FB2DB79651D461029189713DDD2D847                             | 1                                                                                                              |
| 54       | *A28085F893F86EA1E692F52D847EA3B203C448E1 | *A28085F893F86EA1E692F52D847EA3B203C448E1                             | 1                                                                                                              |
| 55       | *4C951E13CC5E761093F241590580096A2276ECAC | *4C951E13CC5E761093F241590580096A2276ECAC                             | 1                                                                                                              |
| 56       | *060C8650684D90D54F2D537D0B8513C74F1AE4DD | *060C8650684D90D54F2D537D0B8513C74F1AE4DD                             | 1                                                                                                              |
| 57       | *F22C0306C4BB97CAE897F4BA7A3D22870725E51D | *F22C0306C4BB97CAE897F4BA7A3D22870725E51D                             | 1                                                                                                              |
| 58       | *C96B8933A9A02563E00980C026C3401B1E3FB6A2 | *C96B8933A9A02563E00980C026C3401B1E3FB6A2                             | 1                                                                                                              |
| 59       | *42AC75307953D669FDEBD5928227A0A991AABFB0 | *42AC75307953D669FDEBD5928227A0A991AABFB0                             | 1                                                                                                              |
| 5A       | *A43D92E9EC11516AC82C4561124A08E91DE4F208 | *A43D92E9EC11516AC82C4561124A08E91DE4F208                             | 1                                                                                                              |
| 5B       | *0A89BF1EEF0EDB061EE4F72477E498E5C3233909 | *0A89BF1EEF0EDB061EE4F72477E498E5C3233909                             | 1                                                                                                              |
| 5C       | *78B1EECD64E0949B20E747230E30538898833DC1 | *78B1EECD64E0949B20E747230E30538898833DC1                             | 1                                                                                                              |
| 5D       | *C536CE7F28C05D5BBB5E776A92D9DCFF515A6955 | *C536CE7F28C05D5BBB5E776A92D9DCFF515A6955                             | 1                                                                                                              |
| 5E       | *5C1BA2FD08D6FC2724860A81B70B44CC14912E95 | *5C1BA2FD08D6FC2724860A81B70B44CC14912E95                             | 1                                                                                                              |
| 5F       | *7031DDE5CFC93067F81FBD30445112136AB32E53 | *7031DDE5CFC93067F81FBD30445112136AB32E53                             | 1                                                                                                              |
| 60       | *0B30A071BE5EFE9C738FC899EFF47F90202C533D | *0B30A071BE5EFE9C738FC899EFF47F90202C533D                             | 1                                                                                                              |
| 61       | *DCDBF922065A133AE5985C3AA7465179DF4C8086 | *DCDBF922065A133AE5985C3AA7465179DF4C8086                             | 1                                                                                                              |
| 62       | *0B3DF0C237D6FD5EA8D743889B33384299F8059F | *0B3DF0C237D6FD5EA8D743889B33384299F8059F                             | 1                                                                                                              |
| 63       | *2A3522DE0C5E510153DA977554999B35C2CA0B56 | *2A3522DE0C5E510153DA977554999B35C2CA0B56                             | 1                                                                                                              |
| 64       | *61EB3D64954A1F12CD41EA35F2EB27A0E785E997 | *61EB3D64954A1F12CD41EA35F2EB27A0E785E997                             | 1                                                                                                              |

see demo
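The same comparison done client-side, for an `authentication_string` already read from `mysql.user`; this is an added example, not part of the original answer. The function names and sample rows are hypothetical, the password is assumed to be UTF-8 encoded, and the check only applies to accounts whose plugin is `mysql_native_password`.

```python
import hashlib
import hmac

def native_password_hash(password: str, encoding: str = "utf-8") -> str:
    """Python form of CONCAT('*', UPPER(SHA1(UNHEX(SHA1(password)))))."""
    inner = hashlib.sha1(password.encode(encoding)).digest()  # UNHEX(SHA1(..))
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify_native_password(candidate: str, plugin: str, stored: str) -> bool:
    """Check candidate against one (plugin, authentication_string) pair.

    Hypothetical helper; the pair is assumed to come from mysql.user.
    """
    if plugin != "mysql_native_password":
        # Other plugins (e.g. caching_sha2_password, the 8.0 default) store a
        # salted value in a different format; the double SHA1 cannot match it.
        raise ValueError(f"unsupported authentication plugin: {plugin}")
    if stored == "":
        # An empty authentication_string means the account has no password.
        return candidate == ""
    if len(stored) != 41 or not stored.startswith("*"):
        return False  # not a well-formed native hash; nothing can match
    computed = native_password_hash(candidate)
    # Constant-time comparison; hex case is normalised first.
    return hmac.compare_digest(computed.encode(), stored.upper().encode())

# Constructed sample rows; the hash is the one shown for 'password' above.
SAMPLE_ROWS = [
    ("app", "mysql_native_password", "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19"),
    ("nopw", "mysql_native_password", ""),
]

if __name__ == "__main__":
    for user, plugin, auth in SAMPLE_ROWS:
        print(user, verify_native_password("password", plugin, auth))
```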



Source: https://stackoverflow.com/questions/55150300/how-can-i-programatically-verify-a-password-in-newer-versions-of-mysql
