Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:43541
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.167 as permitted sender)
DomainKey-Status: bad
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:cc:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        b=SETIpCp+OHWlcgYwsXsnfZiT3IIojWvf/+eeFcaDWKBvj6MFrylSjoxCGzUG0b5NyB
         jKKAqAR3RpnFPUp24b33q3OQhwMqUte+J9pLSdl7TZLguZz+/p8z9DBMqjXZQiKYcftR
         MjEKKvL6EY+SRgf7O+/RE+IXSwlWMBm3d7KGk=
Message-ID: <49D0A23F.6050602@gmail.com>
Date: Mon, 30 Mar 2009 13:43:11 +0300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b3pre) Gecko/20090223 Thunderbird/3.0b2
MIME-Version: 1.0
To: Andrey Hristov <php@hristov.com>
CC: Ulf Wendel <ulf.wendel@phpdoc.de>, 
 'PHP Internals' <internals@lists.php.net>
References: <49D07544.7060406@gmail.com> <49D07D1E.4020509@phpdoc.de> <49D08785.30206@gmail.com> <49D0A03F.9000503@hristov.com>
In-Reply-To: <49D0A03F.9000503@hristov.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] mysqlnd problems
From: ionut.g.stan@gmail.com ("Ionut G. Stan")

Thanks Andrey, your explanations cleared all my uncertainties.

On 3/30/2009 13:34, Andrey Hristov wrote:
>  Hi,
> Ionut G. Stan wrote:
>> Hi Ulf,
>>
>> Thanks for the answer, but let me understand this better.
>>
>> The old mysql API did not support the auth protocol of MySQL 4.1+, 
>> but only lower,
>> while the new mysqlnd API only supports MySQL 4.1+ auth protocol. At 
>> least this
>> is what I understand from the error message, your response and the 
>> note on this page[1]
>> which refers specifically to PHP.
>
> No. libmysql supports both authentication methods, versions of 
> libmysql 4.1+. The old pre-4.1 insecure one and the new post-4.1 
> secure authentication. What is different? The password hash in 
> mysql.user is of a different length. While with the years it has been 
> good to have a smooth transition, with just a recompile, I think it is 
> high time that the dbas should secure their systems and change the 
> passwords. In web environments you don't have too many users, usually 
> just one, which will need a new password set. Just use the statement 
> for setting the password and set it to the same as current, then it 
> will work. Also, mysqlnd doesn't work with servers which are pre-4.1. 
> Windows developers don't get this as download option at all - mysql 
> 4.0 or 3.2x.x servers.
>
>>
>> Is that true? If yes, then this should be stressed on the mysqlnd 
>> manual page[2] so that
>> people can do what suits them best - update passwords or compile PHP 
>> with the MySQL
>> client library. There are a lot of legacy applications using mysql_* 
>> functions that are working
>> right now because the auth protocol is the old one (as in my case).
>
> They are working either because the used libmysql is 3.23, a lpgl one, 
> or 4.0, because the server used is old. In the case of 4.1, 5.0 and 
> 5.1 servers it is just laziness to change the password. It is written 
> somewhere in the documentation about upgrading from 4.0 to 4.1.
>
>> Sorry if I somehow missed such warnings in the manual.
>>
>> There's also the problem of Windows binaries. Lots of people are 
>> developing on Windows
>> and host their work where they have little control over the MySQL 
>> configuration. People
>> compiling PHP on Windows are rare and even some Linux sysadmins are 
>> afraid/don't have
>> the knowledge to compile PHP with special arguments (my sysadmin). In 
>> my opinion there's
>> a problem right here that would have been best solved with some 
>> php.ini setting.
>
> On public hosting it should be very rare to get MySQL Server 4.0 or 
> earlier. With 4.1 and up everything is fine, just re-set your password.
>
>>
>> Cheers,
>>
>> [1] http://dev.mysql.com/doc/refman/4.1/en/old-client.html
>> [2] http://php.net/mysqli.mysqlnd
>>
>>
>> On 3/30/2009 11:04, Ulf Wendel wrote:
>>> Ionut G. Stan schrieb:
>>>> Warning: mysql_connect() [function.mysql-connect]: OK packet 6 
>>>> bytes shorter than expected in {filename} on line 18
>>>> Warning: mysql_connect() [function.mysql-connect]: mysqlnd cannot 
>>>> connect to MySQL 4.1+ using old authentication in {filename} on 
>>>> line 18
>>>
>>> This says everything. You cannot use old authentication with mysqlnd.
>>>
>>> Upgrade you server passwords to the more recent and more secure 
>>> authentication method or recompile PHP with libmysql (MySQL Client 
>>> Library) support. Check ./configure --help | grep -C3 mysql and 
>>> http://www.php.net/manual/en/mysql.installation.php .
>>>
>>> Ulf
>>>
>>
>
> Best,
> Andrey
>

-- 
Ionut G. Stan
I'm under construction  |  http://igstan.blogspot.com/