Comments on: MySQL client password security http://ronaldbradford.com/blog/mysql-client-password-security-2012-08-15/ Expert times and information on MySQL Thu, 09 May 2013 15:50:26 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Todd Farmer http://ronaldbradford.com/blog/mysql-client-password-security-2012-08-15/comment-page-1/#comment-15469 Todd Farmer Thu, 16 Aug 2012 16:15:54 +0000 http://ronaldbradford.com/blog/?p=4110#comment-15469 I've published the following blog entry to help clarify what this enhancement is meant to accomplish, as well as what it explicitly does NOT do: http://mysqlblog.fivefarmers.com/2012/08/16/understanding-mysql_config_utilitys-security-aspects/ I’ve published the following blog entry to help clarify what this enhancement is meant to accomplish, as well as what it explicitly does NOT do:

http://mysqlblog.fivefarmers.com/2012/08/16/understanding-mysql_config_utilitys-security-aspects/

]]> By: Sergei Golubchik http://ronaldbradford.com/blog/mysql-client-password-security-2012-08-15/comment-page-1/#comment-15455 Sergei Golubchik Wed, 15 Aug 2012 20:38:25 +0000 http://ronaldbradford.com/blog/?p=4110#comment-15455 This encryption is not much better than ROT13. Strictly speaking, it's obfuscation, which only prevents the password from being stored as plain-text. MySQL uses AES to encrypt the password, but both the encrypted password and the encryption key are stored in the same .mylogin.cnf file. This encryption is not much better than ROT13. Strictly speaking, it’s obfuscation, which only prevents the password from being stored as plain-text.

MySQL uses AES to encrypt the password, but both the encrypted password and the encryption key are stored in the same .mylogin.cnf file.

]]>