seo Question posted in
Some basic information to get you started with this can be found here.

"Mysql" user has password "invalid" – is this the normal thing? – SEO

I cannot find answer on google on that anywhere (because of SEO and nature of english language I cannot ask correct question as I am not native)
I’ll try to explain as simple as I can:

  1. I connected to mysql as root
  2. Did use mysql;
  3. Did select user,host,password from mysql.user;

I got in response:

+---------+-----------+-------------------------------------------+
| User    | Host      | Password                                  |
+---------+-----------+-------------------------------------------+
| root    | localhost | *5298BA3BC4092F7B664B1A71FE173FBA4F8C6BA1 |
| mysql   | localhost | invalid                                   |

Is this normal? After my server was hacked, I rebuild it from scratch, reinstalled mariadb with the same settings as before but I don’t remember if this is normal.
MariaDB version is:
mysql Ver 15.1 Distrib 10.4.11-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

I have very large database (over 4GB) and cannot do a single query on it because error 2013 (i.e. “Lost connection to MySQL server during query”) so I am trying to narrow the cause of malfunction. Struggling with the problem for 5 days and I am out of options so just curious if this may have something to do with it.

Tags:

2

Answers


  1. 0

    It’s not very clear in their documentation, but it appears to be the normal initial string for a user’s password:

    https://mariadb.com/kb/en/authentication-from-mariadb-104/

    … an invalid password is initially set, so in order to authenticate this way, a password must be set with SET PASSWORD.

    Later in the same page:

    … the old authentication method — conventional MariaDB password — is still available. By default it is disabled (“invalid” is not a valid password hash), but one can set the password with a usual SET PASSWORD statement.

    The string “invalid” is used instead of a legitimate hash string, because there’s no way any password you type could be hashed and result in the string “invalid.” That string isn’t even the right length to be the result of a hash. Also, it contains characters that are not valid hexadecimal digits.

    Practically any other word or phrase could be stored in place of the word “invalid,” this is just what the developer chose to use.

    Note this trick of storing a non-hash string in the field intended for a password hash doesn’t work in MySQL 5.7. I’ve seen this trick used before in MySQL 5.6, but when we upgraded to MySQL 5.7, it wouldn’t accept a string in that place unless it was a valid hash string.

    Login or Signup to reply.
  2. 0

    The short answer:

    Nothing is wrong with your user credentials, and unless you don’t have a good reason for there is no need to change the password.

    The long answer:

    Since MariaDB 10.4.3 the default authentication method for connections using the unix socket (connecting to localhost without specifying a TCP port) is the unix_socket authentication. Unix socket authentication doesn’t require a password anymore:

    When the client opens a connection to the server, the server checks the uid of the process which opened the socket connection and retrieves the user name associated to the uid.

    A major advantage of this authentication method is that no additional plug-in is required on the client side, so all database driver will support this authentication method out of the box.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search