A MySQL account is defined in terms of a user name and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by your operating system:
          User names, as used by MySQL for authentication purposes, have
          nothing to do with user names (login names) as used by Windows
          or Unix. On Unix, most MySQL clients by default try to log in
          using the current Unix user name as the MySQL user name, but
          that is for convenience only. The default can be overridden
          easily, because client programs allow any user name to be
          specified with a -u or
          --user option. Because this means that anyone
          can attempt to connect to the server using any user name, you
          cannot make a database secure in any way unless all MySQL
          accounts have passwords. Anyone who specifies a user name for
          an account that has no password is able to connect
          successfully to the server.
        
MySQL user names can be up to 16 characters long. Operating system user names, because they are completely unrelated to MySQL user names, may be of a different maximum length. For example, Unix user names typically are limited to eight characters.
            The limit on MySQL user name length is hard-coded in the
            MySQL servers and clients, and trying to circumvent it by
            modifying the definitions of the tables in the
            mysql database does not
            work.
          
            You should never alter any of the tables in the
            mysql database in any manner whatsoever
            except by means of the procedure prescribed that is
            described in Section 4.4.5, “mysql_fix_privilege_tables — Upgrade MySQL System Tables”.
            Attempting to redefine MySQL's system tables in any other
            fashion results in undefined (and unsupported!) behavior.
          
          MySQL user names can be up to 16 characters long.
          Changing the maximum length is not
          supported. If you try to change it, for example by
          changing the length of the User column in
          the mysql database tables, this will result
          in unpredictable behavior. (Altering privilege tables is not
          supported in any case.) Operating system user names might have
          a different maximum length. For example, Unix user names
          typically are limited to eight characters.
        
It is best to use only ASCII characters for user names and passwords because they are used in the authentication process before the character set information for the client connection is established.
MySQL passwords have nothing to do with passwords for logging in to your operating system. There is no necessary connection between the password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.
          MySQL encrypts passwords using its own algorithm. This
          encryption is the same as that implemented by the
          PASSWORD() SQL function but
          differs from that used during the Unix login process. Unix
          password encryption is the same as that implemented by the
          ENCRYPT() SQL function. See the
          descriptions of the PASSWORD()
          and ENCRYPT() functions in
          Section 11.10.2, “Encryption and Compression Functions”.
        
          From version 4.1 on, MySQL employs a stronger authentication
          method that has better password protection during the
          connection process than in earlier versions. It is secure even
          if TCP/IP packets are sniffed or the mysql
          database is captured. (In earlier versions, even though
          passwords are stored in encrypted form in the
          user table, knowledge of the encrypted
          password value could be used to connect to the MySQL server.)
          Section 5.4.2.3, “Password Hashing in MySQL”, discusses password
          encryption further.
        
      When you install MySQL, the grant tables are populated with an
      initial set of accounts. These accounts have names and access
      privileges that are described in
      Section 2.10.3, “Securing the Initial MySQL Accounts”, which also discusses how to
      assign passwords to them. Thereafter, you normally set up, modify,
      and remove MySQL accounts using statements such as
      GRANT and
      REVOKE. See
      Section 12.4.1, “Account Management Statements”.
    
When you connect to a MySQL server with a command-line client, you should specify the user name and password for the account that you want to use:
shell> mysql --user=monty --password=guess db_name
If you prefer short options, the command looks like this:
shell> mysql -u monty -pguess db_name
      There must be no space between the
      -p option and the following password value. See
      Section 4.2.2, “Connecting to the MySQL Server”.
    
      The preceding commands include the password value on the command
      line, which can be a security risk. See
      Section 5.4.2.2, “End-User Guidelines for Password Security”. To avoid this problem,
      specify the --password or -p
      option without any following password value:
    
shell>mysql --user=monty --passwordshell>db_namemysql -u monty -pdb_name
      When the password option has no password value, the client program
      prints a prompt and waits for you to enter the password. (In these
      examples, db_name is
      not interpreted as a password because it is
      separated from the preceding password option by a space.)
    
On some systems, the library routine that MySQL uses to prompt for a password automatically limits the password to eight characters. That is a problem with the system library, not with MySQL. Internally, MySQL does not have any limit for the length of the password. To work around the problem, change your MySQL password to a value that is eight or fewer characters long, or put your password in an option file.


User Comments
Add your own comment.