SET PASSWORD [FORuser] = { PASSWORD('cleartext password') | OLD_PASSWORD('cleartext password') | 'encrypted password' }
The SET PASSWORD statement
assigns a password to an existing MySQL user account. In MySQL
5.0, enabling the read_only
system variable does not prevent use of SET
PASSWORD.
If the password is specified using the
PASSWORD() or
OLD_PASSWORD() function, the
cleartext (unencrypted) password should be given as the argument
to the function, which hashes the password and returns the
encrypted password string. If the password is specified without
using either function, it should be the already encrypted
password value as a literal string. In all cases, the encrypted
password string must be in the format required by the
authentication method used for the account.
With no FOR
clause, this statement sets the password for the current user.
(To see which account the server authenticated you as, invoke
the userCURRENT_USER() function.) Any
client who successfully connects to the server using a
nonanonymous account can change the password for that account.
With a FOR
clause, this statement sets the password for the named user. You
must have the userUPDATE privilege
for the mysql database to do this. The user
account name uses the format described in
Section 6.2.3, “Specifying Account Names”. The
user value should be given as
',
where user_name'@'host_name''
and user_name''
are exactly as listed in the host_name'User and
Host columns of the
mysql.user table row. (If you specify only a
user name, a host name of '%' is used.) For
example, to set the password for an account with
User and Host column
values of 'bob' and
'%.example.org', write the statement like
this:
SET PASSWORD FOR 'bob'@'%.example.org' = PASSWORD('cleartext password');
That is equivalent to the following statements:
UPDATE mysql.user SET Password=PASSWORD('cleartext password')
WHERE User='bob' AND Host='%.example.org';
FLUSH PRIVILEGES;
Another way to set the password is to use
GRANT:
GRANT USAGE ON *.* TO 'bob'@'%.example.org' IDENTIFIED BY 'cleartext password';
The old_passwords system
variable value determines the hashing method used by
PASSWORD(). If you specify the
password using that function and SET
PASSWORD rejects the password as not being in the
correct format, it may be necessary to set
old_passwords to change the
hashing method. For descriptions of the permitted values, see
Section 5.1.4, “Server System Variables”.
For more information about setting passwords, see Section 6.3.5, “Assigning Account Passwords”
SET PASSWORD may be recorded in
server logs or in a history file such as
~/.mysql_history, which means that
cleartext passwords may be read by anyone having read access
to that information. See Section 6.1.2, “Keeping Passwords Secure”.
If you are connecting to a MySQL 4.1 or later server using a pre-4.1 client program, do not change your password without first reading Section 6.1.2.4, “Password Hashing in MySQL”. The default password hashing format changed in MySQL 4.1, and if you change your password, it might be stored using a hashing format that pre-4.1 clients cannot generate, thus preventing you from connecting to the server afterward.
If you are using MySQL Replication, be aware that, currently, a
password used by a replication slave as part of a
CHANGE MASTER TO statement is
effectively limited to 32 characters in length; the password can
be longer, but any excess characters are truncated. This is not
due to any limit imposed by the MySQL Server generally, but
rather is an issue specific to MySQL Replication. (For more
information, see Bug #43439.)
User Comments
Add your own comment.