Database user passwords handling

Discussion in 'General' started by congo, May 26, 2016.

  1. congo

    congo New Member

    Hello,

    I've been using ISPconfig3 for many years on a small system. Currently I am on version 3.0.5.4p9.

    Some time ago (maybe it was a few years ago) it seems something was changed regarding the MySQL password handling.
    I can see in the dbispconfig.web_database_user table that up to a point all passwords are stored in cleartext, and from a point there seem to be hashed passwords.
    However the value (hash) in the web_database_user.database_password column is the exact password that gets used when creating or modifying database users. So it is not used as a hash, but as if it was a plaintext password. This means when I create a database user, I cannot log in with the password specified when creating the user, but can log in if I use the hash value from the web_database_user.database_password column for that user. I hope my description makes sense.

    Can anybody help me in what I can do to remediate this situation? Probably I screwed up something with the upgrade when the password handling was changed, and my system has been working in the wrong way since then... :(

    Thanks in advance!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The passwords are stored as standard mysql hashes (mysql password() function) and these are real hashes, so not the cleartext password. The mysql commands that ispconfig uses to set the password in the mysql.user table recognize the passwords as hashes and treat them differently from cleartext passwords (they write them directly to mysql.user instead of hashing them again) so that ispconfig can store the passwords as hashes for security reasons now while they had been stored in cleartext in some older versions. I must admit that I have no clue why the mysql on your server seems to treat the hashes as cleartext. Which mysql version do you use?
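
Added example, not part of the original thread and not ISPConfig code: a Python check that tells apart the three states discussed above by comparing a value from web_database_user.database_password with the Password column of mysql.user for the same account. The function names and sample rows are constructed for illustration, and it assumes the server uses the 41-character PASSWORD() format introduced in MySQL 4.1.

```python
import hashlib
import re

NATIVE_HASH = re.compile(r"\*[0-9A-F]{40}")  # 41-character PASSWORD() output


def mysql_native_hash(value: str) -> str:
    """PASSWORD() since MySQL 4.1: '*' + upper-case hex of SHA1(SHA1(value))."""
    inner = hashlib.sha1(value.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def classify(panel_value: str, server_value: str) -> str:
    """panel_value: web_database_user.database_password
    server_value: the Password column of mysql.user for the same account."""
    is_hash = NATIVE_HASH.fullmatch(panel_value) is not None
    if is_hash and server_value == panel_value:
        return "hash passed through"       # hash written to mysql.user as-is
    if is_hash and server_value == mysql_native_hash(panel_value):
        return "hash hashed again"         # login works only with the hash string
    if not is_hash and server_value == mysql_native_hash(panel_value):
        return "cleartext in panel table"  # older rows stored in cleartext
    return "no match"


def audit(rows):
    """Map each user name to its classification."""
    return {name: classify(panel, server) for name, panel, server in rows}


# Constructed sample rows: (user, panel value, mysql.user value).
_pw = "Example-Pass-1"
_h = mysql_native_hash(_pw)
SAMPLE_ROWS = [
    ("c1_old", _pw, _h),                                  # pre-change row
    ("c1_new", _h, _h),                                   # intended behaviour
    ("c1_bad", _h, mysql_native_hash(_h)),                # symptom in the first post
    ("c1_odd", _h, mysql_native_hash("something else")),  # unrelated password
]

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE_ROWS).items():
        print(f"{user}: {verdict}")
```

Rows reported as "hash hashed again" are the ones where the server hashed the stored hash a second time instead of writing it to mysql.user directly.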
     
  3. congo

    congo New Member

    I use MySQL 5.0.95, the standard package that came with CentOS 5 (mysql-server-5.0.95-5.el5_9).
     
