Re: [campsite-dev] Login failed and Mysql PASSWORD function
  • Thanks for the bug report! I've added it to our bug tracker. This is a
    big one.



    phorum@code.campware.org wrote:
    > Author: armando Link:
    > http://code.campware.org/phorum/read.php?9,2980,2980#msg-2980
    > --------------------------------------------------------------------------------
    >
    >
    > Dear all,
    >
    > I had problems of 'Login failed', so I tried to update the password
    > by hand in the database. I received a not very descriptive warning,
    > but very apparent results: different return values for PASSWORD in
    > UPDATE SET Password=PASSWORD('admn00') and SELECT PASSWORD('admn00').
    >
    >
    > Checking out the documentation, I found at
    > http://dev.mysql.com/doc/refman/4.1/en/encryption-functions.html
    >
    >
    > Note: The PASSWORD() function is used by the authentication system in
    > MySQL Server; you should not use it in your own applications. For
    > that purpose, use MD5() or SHA1() instead. [...]
    >
    >
    > I changed PASSWORD to MD5 in the User class, and everything worked
    > fine (after updating the 'admin' password, of course).
    >
    > It seems that the internal security hashing algorithm changed in
    > Mysql from 4.0 to 4.1, but it's odd that it could give different
    > results from within its own interface.
    >
    > Best regards,
    >
    > Armando
    >
    > PS I've been in the media business for some time, and your software
    > has been quite a discovery (through Props, btw). Congratulations. I
    > was worried that Java was too advanced for small publications, only
    > to find that you are using C++ in a service and recommending 'root'
    > access...
    >
    >