Skip to content

old_passwords

Julien Schmidt edited this page Sep 29, 2017 · 10 revisions

What is old_passwords?

With MySQL version 4.1 (published in 2004!) came a protocol change, which introduced more secure password authentication. The variable old_password was added, which enables legacy support for the old password authentication but disables the new, more secure one. The old password authentication uses very weak hashing which is why it is considered insecure. You should not use it, if you don't need legacy support!

Since it is insecure and deprecated, Go-MySQL-Driver does not enable this old password authentication by default. If you depend on it, you can enable it explicitly by adding allowOldPasswords=true to your DSN.

How to disable it?

Set old_passwords to false in your my.cnf (my.ini on Windows), MySQL's configuration file. On Linux you will find this file at /etc/my.cnf.

The var old_passwords belongs to the mysqld section, if you can't find it there, just add it:

[mysqld]
old_passwords = 0

You may also need to regenerate your passwords. See http://code.openark.org/blog/mysql/upgrading-passwords-from-old_passwords-to-new-passwords for a full manual on how to upgrade.

Clone this wiki locally