Bug #52799 Old password authentication with (PDO) MySQL native driver
Submitted: 2010-09-08 18:16 UTC
Modified: 2010-09-08 19:41 UTC
Votes: 1
Avg. Score: 1.0 ± 0.0
Reproduced: 0 of 1 (0.0%)
From: php at diptyque dot net
Assigned:
Status: Not a bug
Package: PDO related
PHP Version: 5.3.3
OS: FreeBSD
Private report: No
CVE-ID: None
 [2010-09-08 18:16 UTC] php at diptyque dot net
Description:
------------
Some PHP legacy code no longer works with the 5.3.3 MYSQLND-enabled [1] PDO MySQL driver -- I got 2 warnings and an exception is raised:

[07-Sep-2010 14:31:16] PHP Warning: PDO::__construct(): Premature end of data (mysqlnd_wireprotocol.c:554) in /my/path/to/php/auto/append.php on line xx
[07-Sep-2010 14:31:16] PHP Warning: PDO::__construct(): OK packet 1 bytes shorter than expected in /my/path/to/php/auto/append.php on line xx

Exception says that "mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication."

This is inconsistent with the behavior of the 5.3.3 MySQL extension built with MYSQLND support: I have even older PHP code that can connect to MySQL 4.1+ using the old insecure authentication scheme (!?) Go figure.

Of course, reverting to the PDO MySQL driver w/ classic MySQL client library support works.

[1] mysqlnd 5.0.7-dev - 091210 - $Revision: 300533 $


Test script:
---------------
<?php

try {

    $dbh = new PDO($sql->dsn, $sql->username, $sql->password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

}
catch (Exception $e) { /* ... */ }
// failure
?>

vs.

<?php

$dbh = mysql_pconnect(
	$mysql['hostname'], $mysql['username'], $mysql['password']
);
// success
?>

Expected result:
----------------
Why does old password authentication still work with MYSQLND-enabled MySQL extension but not with MYSQLND-enabled PDO MySQL driver?

Actual result:
--------------
SQLSTATE[HY000] [2000] mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file

 [2010-09-08 18:34 UTC] uw@php.net
-Status: Open +Status: Feedback
 [2010-09-08 18:34 UTC] uw@php.net
Because mysqlnd does not support it, ext/mysql - if using mysqlnd - can't support it. Please provide a test script which shows ext/mysql connecting while PDO_MySQL does not.
 [2010-09-08 19:23 UTC] php at diptyque dot net
Oops, my mistake. Wrote the test script and ext/mysql code cannot effectively connect using old authentication w/ enabled MYSQLND. The ext/mysql code I previously tested wasn't running on the same server (DNS changes for the hostname weren't applied yet; code was still running on the old server platform.)

Problem solved. Bogus report. Two alternatives: either build ext/mysql, ext/mysqli and PDO MySQL w/o the MYSQLND option to preserve compatibility with old passwords, or update all MySQL passwords with enhanced authentication.

I believe a note stating that the old authentication scheme is not supported anymore should be added to the MySQL Native Driver manual.
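
Added example, not part of the bug report or of PHP itself: a way to find which accounts still carry a pre-4.1 hash and would therefore trigger the mysqlnd error quoted above. It assumes a server whose `mysql.user` table has a `Password` column; the function names and the sample rows are constructed for illustration.

```php
<?php
// Classify a mysql.user password hash by its format.
// Pre-4.1 ("old") hashes are 16 hex characters; 4.1+ hashes are
// 41 characters: '*' followed by 40 hex characters.
function classify_mysql_hash($hash)
{
    if ($hash === null || $hash === '') {
        return 'empty';
    }
    if (preg_match('/\A\*[0-9A-Fa-f]{40}\z/', $hash)) {
        return 'mysql41';
    }
    if (preg_match('/\A[0-9A-Fa-f]{16}\z/', $hash)) {
        return 'old';
    }
    return 'unknown';
}

// Return 'user'@'host' for every row whose hash is in the old format.
function accounts_needing_reset(array $rows)
{
    $accounts = array();
    foreach ($rows as $row) {
        if (classify_mysql_hash($row['Password']) === 'old') {
            $accounts[] = sprintf("'%s'@'%s'", $row['User'], $row['Host']);
        }
    }
    return $accounts;
}

// Constructed sample rows, shaped like the result of
//   SELECT User, Host, Password FROM mysql.user
// The hash values are made up, not real credentials.
$rows = array(
    array('User' => 'legacy_app', 'Host' => 'localhost',
          'Password' => '0123456789abcdef'),
    array('User' => 'new_app', 'Host' => '10.0.0.%',
          'Password' => '*' . str_repeat('A1', 20)),
    array('User' => 'nopass', 'Host' => '%', 'Password' => ''),
);

foreach (accounts_needing_reset($rows) as $account) {
    echo $account, " has a pre-4.1 hash; mysqlnd will refuse to authenticate it\n";
}
```

Run the query from a client that can still log in (for example one built against the classic client library), then reset the listed accounts. If the old-passwords flag is still set in my.cnf, as the error message warns, a reset keeps producing 16-character hashes.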
 [2010-09-08 19:41 UTC] uw@php.net
-Status: Feedback +Status: Bogus
 [2010-09-08 19:41 UTC] uw@php.net
Thanks for the feedback! I'm quite sure it's in the docs. I'll double check.

Closing upon request of the bug reporter.
 [2010-09-10 16:15 UTC] php at diptyque dot net
Found! [1]

IMHO it should also be replicated in the MySQL native driver section [2] 

[1] <http://www.php.net/manual/en/migration53.incompatible.php>
[2] <http://fr.php.net/manual/en/book.mysqlnd.php>
 [2013-11-30 18:55 UTC] luisvillalta7 at gmail dot com
I do not know the password
 
Last updated: Thu Feb 25 20:01:24 2021 UTC