With the release of MySQL 4.1, the password hashing mechanism was updated to produce more secure passwords. MySQL continued to support the old MySQL password hashes for compatibility reasons until MySQL 5.6. When upgrading to MySQL version 5.6 (or the MariaDB equivalent) or higher, MySQL will randomize any passwords using an old password hash. Randomizing the password for MySQL users can prevent websites from connecting to databases properly, and effectively bring the site down.
Passwords stored in a database (if done responsibly) are not stored in a human readable form. In the event of a security breach, this prevents attackers from having plaintext passwords that can be used to easily access user accounts. Converting passwords to a non-human readable form is where hashing comes in.
Hashing is a process by which a string of characters (a password in this case) is mathematically transformed into a cryptographically secure hash. A hash would look like a series of meaningless random characters, and is stored in a database as a representation of a password. This differs from something like encryption in that hashing isn't intended to be reversed. A password can be easily converted into a hash, but a hash can't be easily converted back into a password. When a user tries to authenticate with a password, the password provided then undergoes the same hashing operation, and is compared to the hash in the database. If the hashes match, the user is authenticated, and logged in.
While hashes aren't supposed to be reversible, it isn't really true. Hashes can be "cracked", and converted back to a usable password given enough time, or ingenuity. Hashing functions have evolved, and become more secure as existing hashing functions have been cracked. The hash used by MySQL for passwords prior to MySQL 4.1 is now considered to be a weak hash, and can be more easily cracked in the hands of an attacker. The password hash introduced in MySQL 4.1 is a much stronger hash, and much more difficult to crack.
Locating A Password
If a site connects to a MySQL database, it has to store the name of that database and the user and password used to connect to it somewhere. Usually it's stored in a flat file, and typically it will be a configuration file.
For WordPress, the MySQL user and password is in the
wp-config.php file. In that file, look for the definitions of the
For Joomla, the MySQL user and password is in the
configuration.php file. In that file, look for declarations of the
If you're using a version of Joomla prior to 3.0, the location of the MySQL user and password may vary.
For Drupal, the MySQL user and password is in the
sites/default/settings.php file. In that file, look for the declaration of the
With older versions of Drupal, the database information may be in a different form.
For Magento, the MySQL user and password is in the
app/etc/local.xml file. In that file, look for the
Updating Password Hashes
Password hashes will be updated when a user's password is changed. Changing the password to the same password will simply update the hash without changing anything else. There are a couple methods you can use to change the password.
You can quickly update the password for a MySQL user within cPanel.
Go to Databases > MySQL® Databases.
Click Change Password for user you wish to change.
On the following page, you will be able to update the password for the MySQL user.<p style="margin-top: 10px; margin-bottom: 0px; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, 'Fira Sans', 'Dr
- mysql, password, hash, 4.1, updating, hashes
- 0 Users Found This Useful