So when do you think you’ll upgrade to MySQL 4.1?
I’m in the process of making a 4.1 SRPM just for testing, Pascal, which you’re welcome to use if you’d like. As for when it will “officially” be supported, there’s no ETA yet.
I think MySQL 4.1 uses a different encryption algorithm than the previous versions?
If I remember well it now uses a 45 bit password encryption algorithm (SHA-1) rather than MD5.
The problem is this new algorithm is not compatible with PHP 4.3?
Pascal,
I don’t think the authentication has changed at all between MySQL 4.0 and 4.1. I could be wrong, but we didn’t need to change anything between 4.0 and 4.1.
Auth did change a tad between 4 and 4.1 and there are methods to make the upgrade seamless if you’ve config’d MySQL correctly which it seems you have gethosted :).
From the MySQL manual:
Password-Handling Changes:
The password hashing mechanism has changed in 4.1 to provide better security, but this may cause compatibility problems if you still have clients that use the client library from 4.0 or earlier. (It is very likely that you will have 4.0 clients in situations where clients connect from remote hosts that have not yet upgraded to 4.1.) The following list indicates some possible upgrade strategies. They represent various tradeoffs between the goal of compatibility with old clients and the goal of security.
* Only upgrade the client to use 4.1 client libraries (not the server). No behavior will change (except the return value of some API calls), but you cannot use any of the new features provided by the 4.1 client/server protocol, either. (MySQL 4.1 has an extended client/server protocol that offers such features as prepared statements and multiple result sets.) See section 21.2.4 C API Prepared Statements.
* Upgrade to 4.1 and run the mysql_fix_privilege_tables script to widen the Password column in the user table so that it can hold long password hashes. But run the server with the --old-passwords option to provide backward compatibility that allows pre-4.1 clients to continue to connect to their short-hash accounts. Eventually, when all your clients are upgraded to 4.1, you can stop using the --old-passwords server option. You can also change the passwords for your MySQL accounts to use the new more secure format.
* Upgrade to 4.1 and run the mysql_fix_privilege_tables script to widen the Password column in the user table. If you know that all clients also have been upgraded to 4.1, don't run the server with the --old-passwords option. Instead, change the passwords on all existing accounts so that they have the new format. A pure-4.1 installation is the most secure.
* Some notes about upgrading from MySQL 4.0 to MySQL 4.1 on Netware: Make sure to upgrade Perl and PHP versions. Download Perl 5 for Netware from http://forge.novell.com/modules/xfmod/project/?perl5 and PHP from http://forge.novell.com/modules/xfmod/project/?php.
Further background on password hashing with respect to client authentication and password-changing operations may be found in section 5.5.9 Password Hashing in MySQL 4.1 and section A.2.3 Client does not support authentication protocol.
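
An added example, not part of the original posts or the MySQL manual: a Python audit of `mysql.user` rows that shows which accounts still hold short pre-4.1 hashes (or hashes truncated by an unwidened Password column) and so must be re-set before the server can run without `--old-passwords`. The rows are constructed sample data and the function names are hypothetical; the hash shapes used (16 hex characters before 4.1, `*` plus 40 hex characters in 4.1) are format facts the quoted text does not spell out.

```python
import hashlib
import re

SHORT = re.compile(r"[0-9a-fA-F]{16}")      # pre-4.1 hash: 16 hex chars
LONG = re.compile(r"\*[0-9a-fA-F]{40}")     # 4.1 hash: '*' + 40 hex chars

def mysql41_hash(password):
    """4.1-format hash: '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def classify(stored):
    """Label the contents of one Password column value."""
    if stored == "":
        return "empty"
    if SHORT.fullmatch(stored):
        return "short"
    if LONG.fullmatch(stored):
        return "long"
    return "malformed"   # e.g. a long hash truncated by a 16-wide column

def audit(rows, column_width):
    """Return (needs_fix_script, accounts to re-set before dropping --old-passwords)."""
    needs_fix_script = column_width < 41    # column cannot hold a long hash yet
    pending = [(u, h, classify(p)) for u, h, p in rows
               if classify(p) in ("short", "malformed")]
    return needs_fix_script, pending

# Constructed sample rows (User, Host, Password); not taken from any real server.
SAMPLE_ROWS = [
    ("webapp", "localhost", "5d2e19393cc5ef67"),
    ("admin", "localhost", mysql41_hash("constructed-sample")),
    ("legacy", "%", mysql41_hash("constructed-sample")[:16]),
    ("anon", "localhost", ""),
]

if __name__ == "__main__":
    needs_fix, pending = audit(SAMPLE_ROWS, column_width=16)
    print("run mysql_fix_privilege_tables first:", needs_fix)
    for user, host, kind in pending:
        print(f"{user}@{host}: {kind} hash, re-set the password in the 4.1 format")
```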