A MySQL account is defined in terms of a user name and the client host or hosts from which the user can connect to the server. The account also has a password. There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by your operating system:
User names, as used by MySQL for authentication purposes, have
nothing to do with user names (login names) as used by Windows
or Unix. On Unix, most MySQL clients by default try to log in
using the current Unix user name as the MySQL user name, but
that is for convenience only. The default can be overridden
easily, because client programs allow any user name to be
specified with a -u
or
--user
option. Because this means that anyone
can attempt to connect to the server using any user name, you
cannot make a database secure in any way unless all MySQL
accounts have passwords. Anyone who specifies a user name for
an account that has no password is able to connect
successfully to the server.
MySQL user names can be up to 16 characters long. Operating system user names, because they are completely unrelated to MySQL user names, may be of a different maximum length. For example, Unix user names typically are limited to eight characters.
The limit on MySQL user name length is hard-coded in the
MySQL servers and clients, and trying to circumvent it by
modifying the definitions of the tables in the
mysql
database does not
work.
You should never alter any of the tables in the
mysql
database in any manner whatsoever
except by means of the procedure that is described in
mysql_upgrade. Attempting to redefine
MySQL's system tables in any other fashion results in
undefined (and unsupported!) behavior.
It is best to use only ASCII characters for user names and passwords because they are used in the authentication process before the character set information for the client connection is established.
MySQL passwords have nothing to do with passwords for logging in to your operating system. There is no necessary connection between the password you use to log in to a Windows or Unix machine and the password you use to access the MySQL server on that machine.
MySQL encrypts passwords using its own algorithm. This
encryption is the same as that implemented by the
PASSWORD()
SQL function but
differs from that used during the Unix login process. Unix
password encryption is the same as that implemented by the
ENCRYPT()
SQL function. See the
descriptions of the PASSWORD()
and ENCRYPT()
functions in
Encryption and Compression Functions.
From version 4.1 on, MySQL employs a stronger authentication
method that has better password protection during the
connection process than in earlier versions. It is secure even
if TCP/IP packets are sniffed or the mysql
database is captured. (In earlier versions, even though
passwords are stored in encrypted form in the
user
table, knowledge of the encrypted
password value could be used to connect to the MySQL server.)
Section 1.2.3, “Password Hashing in MySQL”, discusses password
encryption further.
When you install MySQL, the grant tables are populated with an
initial set of accounts. These accounts have names and access
privileges that are described in
Section 2.2, “Securing the Initial MySQL Accounts”, which also discusses how to
assign passwords to them. Thereafter, you normally set up, modify,
and remove MySQL accounts using statements such as
GRANT
and
REVOKE
. See
Account Management Statements.
When you connect to a MySQL server with a command-line client, you should specify the user name and password for the account that you want to use:
shell> mysql --user=monty --password=guess
db_name
If you prefer short options, the command looks like this:
shell> mysql -u monty -pguess
db_name
There must be no space between the
-p
option and the following password value. For
additional information about specifying user names, passwords, and
other connection parameters, see Connecting to the MySQL Server.