To recap on the issue I had in my presentation re: "How to turn your Mac into a database-driven web server"
at the June meeting, I had got to the stage of installing mySQL and configuring it via the terminal, but I could get no PHP scripts to access the database do to a conflict with "old" password hashing and the "new-style" 4.1.x passwords that mySQL uses.
Even when specifying that you want to set a user's password in the old style, using OLD_PASSWORD('password'), it still wouldn't work properly with PHP scripts.
I haven't had much time to look at it until the past couple of days, and what I can see on my development system (G5) and my production Linux box (running Red Hat AS 4 on an AMD3200 - I think) is that they are both configured with "old_passwords=1". I can see on the Linux box that the file "/etc/my.cnf" has this configured in the mysqld block.
On the otherhand, on the Mac, it would be appear to be using this file for configuring the startup parameters first:
and in that file it says it will then load any information from /etc/my.cnf. This file isn't present on new installations of the Mac OS version of mySQL.
I hope you're still following...
On my normal development machine, I'm running mySQL 4.1.16-standard. I can't remember if I've upgraded from older versions, but I suspect I have. I've never had to sort any issue out with the OLD_PASSWORDS option. No "/etc/my.cnf" present.
On the new development drive I set up for the presentation, it's got mySQL 4.1.20-standard. It doesn't have an "/etc/my.cnf" file either. However, once I created one, with only these two lines:
It worked properly.
Because I want to complete this documentation properly and provide the best and easiest information to help people get to the next level, I'd like to have some advice and opinions on the following:
- Do we settle for the old_password option? The new password scheme is supposed to be more secure, but was the old scheme THAT insecure?
- Does anyone know if Apple will be updating PHP with the mysqli extension, which is required for the new password hashing? If not, shall I add "Compiling a version of PHP with mysqli" in the documentation?
- Did I leave the iron on?