Manuel Schmitt (manitu) wrote:
Hi,
I'am searching for a way to have mysqld log all passwords which clients
are using ("trying") while connecting.
As to the documentation and to my trials neither the error log nor the
general query log contain passwords, only the usernames.
I already tried to g
I believe Daniel is correct. The passwords are hashed before leaving the
client. You may be able to capture invalid hashes but they are already
encrypted before they get to the server. I do not know of any event or
callback function you can use to tie into the server to trigger a logging
event.
On 3/5/06, Manuel Schmitt (manitu) <[EMAIL PROTECTED]> wrote:
> > is there a reason that the unknown passwords can't simply be reset?
>
> yes, because not all clients are currently known and resetting them
> would possibly break the application(s)
I am not pretty sure, but MySQL use to send encryp
> is there a reason that the unknown passwords can't simply be reset?
yes, because not all clients are currently known and resetting them
would possibly break the application(s)
--
Manuel Schmitt
- Geschäftsführer -
manit
> having an application log actual passwords (whether the login was
> successful or not) is a major security risk, hence no self-respecting,
> security-conscious application will do this. all that should be logged
> is the username attempted, along with a login success/failure
> indication, never t
Hi,
I'am searching for a way to have mysqld log all passwords which clients
are using ("trying") while connecting.
As to the documentation and to my trials neither the error log nor the
general query log contain passwords, only the usernames.
I already tried to get them via ethereal, but this sh
