ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    MySQL MariaDB password reset without knowing the password

    IT Discussion
    centos mysql mariadb
    9
    29
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @dbeato
      last edited by

      @dbeato said in MySQL MariaDB password reset without knowing the password:

      Not recalling which rant in particular, you'd have to remind me. But I don't think so.

      That's from months ago, not nearly recent, and that was an ESXi/Dell issue I was ranting about.

      1 Reply Last reply Reply Quote 0
      • dafyreD
        dafyre @DustinB3403
        last edited by

        @DustinB3403 said in MySQL MariaDB password reset without knowing the password:

        So I've been able to reset the root mysql user password, which is great, so now that's secured and functional. Now I just need to change the database user password and update the config file for said new password.

        But to figure out how the password is hashed. . .

        That should be easy as above... Change the DB user's password, and then update the config file in the application to use the right password.

        Did that not work?

        DustinB3403D 1 Reply Last reply Reply Quote 0
        • DustinB3403D
          DustinB3403 @dafyre
          last edited by

          @dafyre said in MySQL MariaDB password reset without knowing the password:

          @DustinB3403 said in MySQL MariaDB password reset without knowing the password:

          So I've been able to reset the root mysql user password, which is great, so now that's secured and functional. Now I just need to change the database user password and update the config file for said new password.

          But to figure out how the password is hashed. . .

          That should be easy as above... Change the DB user's password, and then update the config file in the application to use the right password.

          Did that not work?

          It didn't because the config file has the password hashed, so I'm looking into how that is hashed from the dev so I can update it there.

          I think this topic is closed just need to figure out the program side config file.

          1 Reply Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403
            last edited by

            Which, the password is hashed in mysql, so it's not in plain text, and from that it gets hashed and put into the config file that the program uses.

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403
              last edited by DustinB3403

              Okay so the password is actually in plain text in the config file. . . so now that I know that I can update the password and go from there.

              And here I thought it was hashed. . .

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403
                last edited by

                Which also means, now that I know what the password is, I don't need to change it. . .

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @DustinB3403
                  last edited by JaredBusch

                  @DustinB3403 said in MySQL MariaDB password reset without knowing the password:

                  Okay so the password is actually in plain text in the config file. . . so now that I know that I can update the password and go from there.

                  And here I thought it was hashed. . .

                  This is normal usage for applications. There is no point in storing a password any other way.

                  If you need to log in to a system, you send the username and password. Nothing ever sends a hashed password to login. Just WTF led to even thinking that?

                  So because of that why store it in any weird form? It will have to be reversed into the raw password anyway to log in.

                  3220e00f-7bab-4244-a898-c917300e2f73-image.png

                  DustinB3403D 1 Reply Last reply Reply Quote 1
                  • JaredBuschJ
                    JaredBusch
                    last edited by

                    These log ins are "secure" assuming they are only allowed to connect via lcoalhost and such.

                    As is obvious by your acquisition of the root password, there is no point in any thing else, as once console access is obtained, the system is 100% open to any attacker anyway.

                    DustinB3403D 1 Reply Last reply Reply Quote 1
                    • DustinB3403D
                      DustinB3403 @JaredBusch
                      last edited by

                      @JaredBusch said in MySQL MariaDB password reset without knowing the password:

                      Just WTF led to even thinking that?

                      The password looked like a hash, thus I was investigating it. It makes sense, now that I've gone through the entire process, I don't deal with mysql in my regular day to day.

                      Just still seems weird to have the password in plaintext on in a config file.

                      JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403 @JaredBusch
                        last edited by

                        @JaredBusch said in MySQL MariaDB password reset without knowing the password:

                        These log ins are "secure" assuming they are only allowed to connect via lcoalhost and such.

                        They are limited to the localhost, so yeah it's all set now.

                        1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @DustinB3403
                          last edited by JaredBusch

                          @DustinB3403 said in MySQL MariaDB password reset without knowing the password:

                          @JaredBusch said in MySQL MariaDB password reset without knowing the password:

                          Just WTF led to even thinking that?

                          The password looked like a hash, thus I was investigating it. It makes sense, now that I've gone through the entire process, I don't deal with mysql in my regular day to day.

                          Just still seems weird to have the password in plaintext on in a config file.

                          No, you seem weird for thinking such. It is standard, and it has nothing to do with MySQL or Linux. The exact same can be seen with IIS connecting to MS SQL. or any other example you can think of.

                          Here is something on an Azure web service connecting to an Azure SQL database.
                          a2fc25e8-eb33-496e-b7f4-b144cab09c09-image.png

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @DustinB3403
                            last edited by

                            @DustinB3403 said in MySQL MariaDB password reset without knowing the password:

                            Just still seems weird to have the password in plaintext on in a config file.

                            has to be somewhere, how else can an application connect? Look at WordPress, for example, you have to enter the password into the application so that the application can connect to the database. Otherwise, the database would have to have no password protection at all or you'd need a human to log in and enter the password every time a database connection was needed (which is normally thousands of times a minute.)

                            1 Reply Last reply Reply Quote 0
                            • 1
                            • 2
                            • 2 / 2
                            • First post
                              Last post