ID:               50815
 Updated by:       johan...@php.net
 Reported By:      jd at cpanel dot net
-Status:           Open
+Status:           Feedback
 Bug Type:         MySQL related
 Operating System: any
 PHP Version:      5.3.1
 New Comment:

The old hashing algorithm was insecure, which means passwords could be
guessed with little effort. Additionally, the last MySQL Server version
which depended on this format is 4.0, which has been out of support by
MySQL (see http://www.mysql.com/about/legal/lifecycle/ ) since 2006
(extended support for customers ended 2008-09).

Why do you need an insecure auth mechanism?


Previous Comments:
------------------------------------------------------------------------

[2010-01-21 18:57:50] jd at cpanel dot net

Description:
------------
This is a wishlist item.  We've found it impossible to use the mysqlnd
driver for the PHP MySQL extension since it does not support the 323
style short password hash fallback that the normal libmysqlclient
handles during authentication.  This means that any MySQL users that
were added while short password hashes were in use have to change their
passwords to long hashes before connecting is possible.

Most likely, this is what bug 44082 was encountering.  There are
several other reports of this problem outside the PHP BTS.

The only reference to this limitation I see in the official description
of mysqlnd is "The MySQL native driver for PHP does not support the
MySQL Server 4.0 or earlier."  (
http://dev.mysql.com/downloads/connector/php-mysqlnd/ )  This is
misleading since the 323 short password hashes work fine using
libmysqlclient with MySQL 4.1+.



------------------------------------------------------------------------
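
An added example, not part of the bug report or of PHP/MySQL code: a small audit that sorts accounts by stored hash format, so those still on the short pre-4.1 hash (16 hex characters, versus `*` plus 40 hex characters for the long format) can be found and given new passwords. It assumes tab-separated User, Host, Password rows exported from `mysql.user`; the function names and sample rows are constructed.

```python
import re

# Stored formats of the mysql.user Password column:
#   short, pre-4.1 ("323" style): exactly 16 hex characters
#   long, 4.1 and later:          '*' followed by 40 hex characters
SHORT_HASH = re.compile(r"[0-9a-fA-F]{16}")
LONG_HASH = re.compile(r"\*[0-9a-fA-F]{40}")


def classify(stored):
    """Return the hash class of one stored Password value."""
    if stored == "":
        return "empty"
    if SHORT_HASH.fullmatch(stored):
        return "short-323"
    if LONG_HASH.fullmatch(stored):
        return "long-4.1"
    return "unknown"


def audit(dump):
    """Group accounts from tab-separated User/Host/Password rows by hash class."""
    report = {"short-323": [], "long-4.1": [], "empty": [], "unknown": []}
    for line in dump.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 3:
            # Malformed row: keep it visible instead of dropping it silently.
            report["unknown"].append(line)
            continue
        user, host, stored = fields
        report[classify(stored.strip())].append(f"{user}@{host}")
    return report


# Constructed sample rows (assumed export format, not real credentials).
SAMPLE = "\n".join([
    "legacy_app\tlocalhost\t0123456789abcdef",
    "webuser\t%\t*" + "A1" * 20,
    "anon\tlocalhost\t",
    "odd\tlocalhost\tnot-a-hash",
])

if __name__ == "__main__":
    for kind, accounts in audit(SAMPLE).items():
        print(f"{kind:10} {accounts}")
```

Accounts listed under `short-323` are the ones the report describes as unable to connect through mysqlnd until their passwords are changed to long hashes.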

