Changed MySQL PASSWORD() implementation in Debian Etch

In version 4.1, MySQL changed its PASSWORD() implementation. The new implementation creates longer password hashes for improved security (see http://dev.mysql.com/doc/refman/4.1/en/password-hashing.html).
However, this makes authentication fail for web sites that use tables containing old-style password hashes, because the stored hashes are compared to the ones the new PASSWORD() implementation produces, and the two never match.
The aforementioned MySQL website describes several ways to fix this problem. The simplest in some cases is to replace all instances of PASSWORD() with OLD_PASSWORD(). Of course, you should upgrade to the stronger hashes as soon as is reasonable.
As Debian Etch ships with MySQL 5.0, whereas Sarge contained version 4.0, this implementation change has bitten us today during an upgrade.
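
To see how many accounts are still on the old format before and after such an upgrade, the stored values can be classified by shape. The script below is an added example, not code from the MySQL documentation or from the site we upgraded; the sample rows and the helper names (classify, audit, login_ok) are made up for illustration, and it relies on the 4.1+ PASSWORD() output being '*' followed by the uppercase hex of SHA1(SHA1(password)).

```python
import hashlib
import hmac
import re

OLD_RE = re.compile(r"[0-9a-fA-F]{16}")    # pre-4.1 PASSWORD() / OLD_PASSWORD(): 16 hex digits
NEW_RE = re.compile(r"\*[0-9a-fA-F]{40}")  # 4.1+ PASSWORD(): '*' followed by 40 hex digits


def mysql41_password(plaintext):
    """Reproduce the 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def classify(stored):
    """Return 'new', 'old' or 'unknown' for one stored hash string."""
    if NEW_RE.fullmatch(stored):
        return "new"
    if OLD_RE.fullmatch(stored):
        return "old"
    return "unknown"


def audit(rows):
    """Group user names by the format of their stored hash."""
    report = {"old": [], "new": [], "unknown": []}
    for user, stored in rows:
        report[classify(stored)].append(user)
    return report


def login_ok(stored, candidate):
    """Mimic `WHERE pass = PASSWORD(?)` on a 4.1+ server for one row."""
    expected = mysql41_password(candidate).encode("ascii")
    return hmac.compare_digest(stored.upper().encode("utf-8"), expected)


# Constructed sample rows (hypothetical application user table).
SAMPLE_ROWS = [
    ("alice", "0123456789abcdef"),            # constructed value in the old 16-hex shape
    ("bob", mysql41_password("password")),    # new-style hash
    ("carol", ""),                            # empty or otherwise unrecognised value
]

if __name__ == "__main__":
    for fmt, users in audit(SAMPLE_ROWS).items():
        print(f"{fmt}: {', '.join(users) or '-'}")
```

Rows reported as "old" are the ones that stop authenticating after the upgrade and that still need to be moved to the stronger hashes.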
