-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Y24-012 Security related RT 798566 #4043
Comments
Dual Passwords for MySQL Reference: MySQL 8.3 Reference |
The following procedure could be carried out for testing dual password feature (source referenced in #4043 (comment)) in a local MySQL 8.x database. Note: Creating the user and updating grants are not a part of this story. These steps are purely for completion purposes of the procedure.
mysql> SELECT VERSION();
+-----------+
| VERSION() |
+-----------+
| 8.3.0 |
+-----------+
1 row in set (0.01 sec)
mysql> CREATE USER 'sample_user'@'localhost' IDENTIFIED BY 'PASSWORD';
SELECT * FROM mysql.user; This displays all users and privileges. The user
mysql> GRANT ALL ON *.* TO 'sample_user'@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec) Note that by providing all privileges, we're making this user as the same level as admin. We do this because the user needs to have
ALTER USER 'sample_user'@'localhost'
IDENTIFIED BY 'PASSWORD_2'
RETAIN CURRENT PASSWORD; This attaches another password
mysql -u sample_user -pPASSWORD_2;
mysql -u sample_user -pPASSWORD;
ALTER USER 'sample_user'@'localhost'
DISCARD OLD PASSWORD; |
Identified that the following databases are in the host
The following applications use the respective databases listed below.
|
credentials project was updated with the latest KeePassXC database, with the new password for The grace period for switching off the old password begins today, and ends in one month's time i.e., on 18th May, 2024. When the grace period ends, please use the following query to discard the old password: ALTER USER 'psdp'@'%' DISCARD OLD PASSWORD; Make sure to log in to the SQL console with the Note: How dual password mechanism work is, when you invoke |
Describe the Housekeeping
See security related RT 798566
The text was updated successfully, but these errors were encountered: