问题
In newer versions of MySQL there is a pluggable authentication system. Previously there was the PASSWORD function that could generate the hash found in user.authentication_string
, but that function has been removed in later versions (8.0.11 AFAICT) of MySQL.
If I would like to verify a users password (without actually logging in - since a user may not be able to log in from the host that I'm on), is there a way to do that using modern MySQL?
回答1:
If I would like to verify a users password (without actually logging in - since a user may not be able to log in from the host that I'm on), is there a way to do that using modern MySQL?
PASSWORD(..)
function seams to be the same as using this SQL CONCAT('*', UPPER(SHA1(UNHEX(SHA1(..)))))
I don't know where you use the password for, but you should not use it for your passwords for your application.
Note
PASSWORD()
is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider a more secure method
Query
SELECT
PASSWORD('password')
, CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password')))))
, PASSWORD('password') = CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password')))));
Result
| PASSWORD('password') | CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password'))))) | PASSWORD('password') = CONCAT('*', UPPER(SHA1(UNHEX(SHA1('password'))))) |
| ----------------------------------------- | ------------------------------------------------- | ------------------------------------------------------------------------ |
| *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 | 1 |
see demo
A better test seams to confirm it.
Query
SELECT
HEX(number_generator.number) AS 'password'
, PASSWORD(HEX(number_generator.number))
# notice that HEX(number_generator.number) below is the "password" here
, CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) )))))
, PASSWORD(HEX(number_generator.number)) = CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) )))))
FROM (
SELECT
@row := @row + 1 AS number
FROM (
SELECT 0 UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9
) row1
CROSS JOIN (
SELECT 0 UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9
) row2
CROSS JOIN (
SELECT @row := 0
) init_user_params
) AS number_generator
Results
| password | PASSWORD(HEX(number_generator.number)) | CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) ))))) | PASSWORD(HEX(number_generator.number)) = CONCAT('*', UPPER(SHA1(UNHEX(SHA1( HEX(number_generator.number) ))))) |
| -------- | ----------------------------------------- | --------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| 1 | *E6CC90B878B948C35E92B003C792C46C58C4AF40 | *E6CC90B878B948C35E92B003C792C46C58C4AF40 | 1 |
| 2 | *12033B78389744F3F39AC4CE4CCFCAD6960D8EA0 | *12033B78389744F3F39AC4CE4CCFCAD6960D8EA0 | 1 |
| 3 | *C4E74DDDC9CC9E2FDCDB7F63B127FB638831262E | *C4E74DDDC9CC9E2FDCDB7F63B127FB638831262E | 1 |
| 4 | *908BE2B7EB7D7567F7FF98716850F59BA69AA9DB | *908BE2B7EB7D7567F7FF98716850F59BA69AA9DB | 1 |
| 5 | *7534F9EAEE5B69A586D1E9C1ACE3E3F9F6FCC446 | *7534F9EAEE5B69A586D1E9C1ACE3E3F9F6FCC446 | 1 |
| 6 | *C3AB9ECDF746570BBF9DCAA9DB3586D25956DC93 | *C3AB9ECDF746570BBF9DCAA9DB3586D25956DC93 | 1 |
| 7 | *23E7A7428138939FBE2F69D23E5B87383EFD83C9 | *23E7A7428138939FBE2F69D23E5B87383EFD83C9 | 1 |
| 8 | *6AF37A8C78E3A957D16D98F12788D1CFB2987A4C | *6AF37A8C78E3A957D16D98F12788D1CFB2987A4C | 1 |
| 9 | *7E9FDC7F61153649AB9A75CED26807DF74F86E65 | *7E9FDC7F61153649AB9A75CED26807DF74F86E65 | 1 |
| A | *26307F6B5CDB40C15C247B96C131CC1E0B3FFD1B | *26307F6B5CDB40C15C247B96C131CC1E0B3FFD1B | 1 |
| B | *693EFD3BD44CCBA9924731C2DB18ADB8825C0B0A | *693EFD3BD44CCBA9924731C2DB18ADB8825C0B0A | 1 |
| C | *8B1F657800F87E02617CD07126FDCF7B9F13E955 | *8B1F657800F87E02617CD07126FDCF7B9F13E955 | 1 |
| D | *3F7A80713CAA5954D376F883C83B8E4FEFEAF72C | *3F7A80713CAA5954D376F883C83B8E4FEFEAF72C | 1 |
| E | *1355D7A5CA049A2A7FA92669438A10C77D4FB706 | *1355D7A5CA049A2A7FA92669438A10C77D4FB706 | 1 |
| F | *2201A8B92856ABC4CDA3731B6D3AC61EEC87916C | *2201A8B92856ABC4CDA3731B6D3AC61EEC87916C | 1 |
...
... |
... |
| 53 | *30E6AFC81FB2DB79651D461029189713DDD2D847 | *30E6AFC81FB2DB79651D461029189713DDD2D847 | 1 |
| 54 | *A28085F893F86EA1E692F52D847EA3B203C448E1 | *A28085F893F86EA1E692F52D847EA3B203C448E1 | 1 |
| 55 | *4C951E13CC5E761093F241590580096A2276ECAC | *4C951E13CC5E761093F241590580096A2276ECAC | 1 |
| 56 | *060C8650684D90D54F2D537D0B8513C74F1AE4DD | *060C8650684D90D54F2D537D0B8513C74F1AE4DD | 1 |
| 57 | *F22C0306C4BB97CAE897F4BA7A3D22870725E51D | *F22C0306C4BB97CAE897F4BA7A3D22870725E51D | 1 |
| 58 | *C96B8933A9A02563E00980C026C3401B1E3FB6A2 | *C96B8933A9A02563E00980C026C3401B1E3FB6A2 | 1 |
| 59 | *42AC75307953D669FDEBD5928227A0A991AABFB0 | *42AC75307953D669FDEBD5928227A0A991AABFB0 | 1 |
| 5A | *A43D92E9EC11516AC82C4561124A08E91DE4F208 | *A43D92E9EC11516AC82C4561124A08E91DE4F208 | 1 |
| 5B | *0A89BF1EEF0EDB061EE4F72477E498E5C3233909 | *0A89BF1EEF0EDB061EE4F72477E498E5C3233909 | 1 |
| 5C | *78B1EECD64E0949B20E747230E30538898833DC1 | *78B1EECD64E0949B20E747230E30538898833DC1 | 1 |
| 5D | *C536CE7F28C05D5BBB5E776A92D9DCFF515A6955 | *C536CE7F28C05D5BBB5E776A92D9DCFF515A6955 | 1 |
| 5E | *5C1BA2FD08D6FC2724860A81B70B44CC14912E95 | *5C1BA2FD08D6FC2724860A81B70B44CC14912E95 | 1 |
| 5F | *7031DDE5CFC93067F81FBD30445112136AB32E53 | *7031DDE5CFC93067F81FBD30445112136AB32E53 | 1 |
| 60 | *0B30A071BE5EFE9C738FC899EFF47F90202C533D | *0B30A071BE5EFE9C738FC899EFF47F90202C533D | 1 |
| 61 | *DCDBF922065A133AE5985C3AA7465179DF4C8086 | *DCDBF922065A133AE5985C3AA7465179DF4C8086 | 1 |
| 62 | *0B3DF0C237D6FD5EA8D743889B33384299F8059F | *0B3DF0C237D6FD5EA8D743889B33384299F8059F | 1 |
| 63 | *2A3522DE0C5E510153DA977554999B35C2CA0B56 | *2A3522DE0C5E510153DA977554999B35C2CA0B56 | 1 |
| 64 | *61EB3D64954A1F12CD41EA35F2EB27A0E785E997 | *61EB3D64954A1F12CD41EA35F2EB27A0E785E997 | 1
see demo
来源:https://stackoverflow.com/questions/55150300/how-can-i-programatically-verify-a-password-in-newer-versions-of-mysql