Opened 15 years ago
Closed 11 years ago
#136 closed defect (fixed)
PHP 5.3 mysqlnd requires new-style passwords
| Reported by: | geofft | Owned by: | |
|---|---|---|---|
| Priority: | blocker | Milestone: | Fedora 20 |
| Component: | sql | Keywords: | |
| Cc: | | | |
Description (last modified by andersk)
The sql.mit.edu servers currently have old_passwords=1 set in the mysqld configuration for compatibility with MySQL 3.x and 4.x clients. The MySQL native driver in PHP 5.3 only knows how to deal with new-style passwords; this will probably bite us hard when we move to PHP 5.3 as part of upgrading to Fedora 13.
We'll need to either figure out if we can do the backward-compatible but insecure hack of making PHP clients able to use old-style passwords (disable the native driver? patch it?), or if we can drop support for MySQL clients that don't support new-style passwords, i.e., 4.0.x and below.
Change History (9)
comment:1 Changed 15 years ago by mitchb
- Priority changed from blocker to minor
comment:2 Changed 14 years ago by andersk
- Description modified (diff)
comment:3 Changed 14 years ago by andersk
As far as I can see, we can just do this. The only reason we couldn’t just do this would be if someone was still using libmysqlclient 4.0.x or earlier against sql.mit.edu. MySQL 4.1 was certified production-ready in October 2004, and MySQL 4.0.x reached end-of-life on December 31, 2008. The current scripts servers have libmysqlclient 5.1.56.
comment:4 Changed 13 years ago by ezyang
- Milestone set to Fedora 17
No change for Fedora 15, so we can punt it another year if we really wanted to...
comment:5 Changed 13 years ago by ezyang
- Priority changed from minor to normal
comment:6 Changed 13 years ago by ezyang
- Milestone changed from Fedora 17 to Fedora 19
mysqlnd is a subpackage in Fedora 16+, but you don't have to use it, so we can punt this issue again.
comment:7 Changed 11 years ago by achernya
- Priority changed from normal to blocker
After years of delay, the changeover finally strikes. There's no php-mysql, only a php-mysqlnd in F19.
comment:8 Changed 11 years ago by quentin
Note that we will need to rehash passwords on sql.mit.edu before we can authenticate with mysqlnd, even after we change the flag to allow new-style passwords.
comment:9 Changed 11 years ago by achernya
- Resolution set to fixed
- Status changed from new to closed
Passwords have been rehashed.
Fortunately for us, the F13 packages have not begun to build with the option that enables mysqlnd for any of the mysql, mysqli, or pdo-mysql extensions. As a result, they all still use the libmysql client library, which supports both types of passwords (as well as such niceties as SSL). So, while sql and scripts should probably figure out whether/when we can discontinue keeping the less secure compatibility passwords around, this doesn't pose an issue for the F13 upgrade.
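An added example, not part of the ticket or of the scripts project's tooling: auditing which accounts still hold old-style hashes, the set that comment:8 says must be rehashed before mysqlnd can authenticate them. It assumes a tab-separated dump of the User, Host and Password columns of mysql.user; the account names and sample rows are constructed.

```python
import hashlib
import re

# Stored-hash formats in the mysql.user Password column:
OLD_STYLE = re.compile(r"^[0-9a-fA-F]{16}$")    # pre-4.1, produced under old_passwords=1
NEW_STYLE = re.compile(r"^\*[0-9a-fA-F]{40}$")  # 4.1+ ("new-style") format


def new_style_hash(password: str) -> str:
    """4.1+ PASSWORD(): '*' followed by uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def classify(stored: str) -> str:
    """Label a stored hash as 'empty', 'new', 'old' or 'unknown' by its format."""
    if stored == "":
        return "empty"
    if NEW_STYLE.match(stored):
        return "new"
    if OLD_STYLE.match(stored):
        return "old"
    return "unknown"


def needs_rehash(dump: str):
    """Return (user, host) pairs whose stored hash is old-style."""
    flagged = []
    for line in dump.splitlines():
        if not line.strip():
            continue
        user, host, stored = line.split("\t")
        if classify(stored) == "old":
            flagged.append((user, host))
    return flagged


# Constructed sample dump (User<TAB>Host<TAB>Password); both hashes are of "password".
SAMPLE = (
    "alice\t%\t5d2e19393cc5ef67\n"
    "bob\t%\t*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19\n"
    "carol\tlocalhost\t\n"
)

if __name__ == "__main__":
    # An old hash cannot be converted in place: the new one is derived from the
    # plaintext, so each flagged account must have its password set again.
    for user, host in needs_rehash(SAMPLE):
        print(f"{user}@{host}: old-style hash, password must be set again")
```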