PHP 5.5 / MySQL / old-passwords

Hi guys,

I recently upgraded PHP to v5.5.10.

After doing so, I noticed that the two sites currently on the server could not connect to MySQL, because old-passwords were switched on. I promptly edited my.cnf, set old-passwords=0, re-created my MySQL users and everything was up and running again.

What’s the problem, you may wonder?

Well, reading around the forums and site, switching off old-passwords seems not to be a recommended course of action. For example:

http://forums.interworx.com/threads/7930-MySql-old-passwords-and-SiteWorx-PhpMyAdmin

I don’t seem to be experiencing any ill-effects. I’m certainly not having any of the issues stated in the above thread. I’ve also tried using various other features of Siteworx and Nodeworx, and have not encounted any problems.

So, my question - am I okay to keep old-passwords set to 0, or am I inviting calamity to fall upon me when I least expect it?

Thanks in advance for any advice.

Hi sim79

I hope you don’t mind but I don’t think you did not fully reset the IW MySQL password to new hash, and therefore would not experience the failure.

The biggest issue you may face would be if the IW MySQL was updated, IW would not connect but your siteworx sites should still keep working in your setup.

To revert the above if it happens, simply set the old password to 1 and reset the IW hash password, then you can set back as you wish.

I hope that helps and sorry if I am wrong, but it is possible to run 2 different password hashes for v4 and v5.

Many thanks

John

Hi John,

Thank you for your quick reply.

To be sure we are both on the same page, could you clarify what you mean by the IW MySQL password, and where I may go to reset it?

I will then test and let you know the outcome.

Thanks again.

Hi sim79

Many thanks, please see this post from Robert, who was one of the first to point this out, if not the first.

Many thanks

John

http://forums.interworx.com/showthread.php?t=7918

Hi John,

Aha! I do see the error message now, after changing the iworx user password.

I’ll have to give this some thought, as I’m quite keen to have old-passwords disabled (not only to maintain compatibility with PHP’s mysqlnd driver, but also because we use the newer password hashing algorithm on our servers as policy).

Anyway, thank you John for your invaluable and prompt advice. It’s very much appreciated.

Hi sim79

I would consider that you should be alright, if you disable the old password hash, but leave the IW hash as old password ie set the IW hash password with MySQL set to 1, then disable and restart MySQL.

This should continue to work normally and all siteworx MySQL will be with new hash passwords.

Your issue would be if the IW hash password were to be updated, but then you would see the error and to simply revert back to old hash as above.

The IW MySQL as far as I know, is not set for external connections, and is internal only, so I would think the chance of been compromised by this is very small, but not impossible of course, but then nothing is 100% secure.

I hope that helps a little

Many thanks

John

Hello,

How did you upgraded to 5.10 ? what repos did you use?

Thank you

Paulo

[QUOTE=paulo;25560]Hello,

How did you upgraded to 5.10 ? what repos did you use?

Thank you

Paulo[/QUOTE]

That was released on the 6th March, they are on 5.5.12 now: http://php.net/ChangeLog-5.php

You can use the remi repo for this:

Centos 5:

wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
sudo rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

nano /etc/yum.repos.d/remi.repo

Centos 6:

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

nano /etc/yum.repos.d/remi.repo

The inside remi.repo, enable the main remi & remi55 (enabled=1)

Eg:

[remi]
name=Les RPM de remi pour Enterprise Linux 6 - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php55]
name=Les RPM de remi de PHP 5.5 pour Enterprise Linux 6 - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/6/php55/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/6/php55/mirror

WARNING: If you enable this repository, you must also enable “remi”

enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi


[SIZE=3]Please note use PHP5.5.x at your own risk, some times it can muck up due to the old passwords issue above.[/SIZE]

Hello,

I normally use the repos @ http://webtatic.com/ to update php and mysql, not had any issues at all :smiley:

Has anybody gotten Softaculous or Simple Scripts to work with this? If you set old-passwords=0 then Softaculous/Simple Scripts cannot install anything (MySQL connection error), if you set old-passwords=1 then the installation will go fine but then the installed script won’t work until you convert the password to the new format (which is not a valid solution since the point of a quick install system is for clients who don’t know how to muck around in the database).

Hi Kujoe

I hope you don’t mind, but to be sure I have just run this through our test server we currently have setup, and it works lovely.

I think you may have set the IW password, when making your Mysql hash change as well, if so, reset it back to old hash, restart Mysql, then change the hash in my.cnf, which you may need to update any users passwords.

This should then leave IW to work as normal, and allow simplecripts/softculous to work normally, albeit I did not try softculous as we ahve not set any licence on test server.

I hope that helps and sorry if I am wrong.

Many thanks

John

Right now the only MySQL user that has the old password hash is iworx because if you update iworx to the new password hash nothing MySQL related works in Nodeworx anymore. I’ll play with it some more, but I can’t get Wordpress installed and working with Simple Scripts or Softaculous regardless of the setting in /etc/my.cnf

Hi kujoe

To be honest, I don’t think it’s related to MySQL hashing.

I think but could be wrong the word press you maybe trying to install needs a higher php then perhaps you have.

As I said though, it’s just a thought in back of my mind, that WP changed to a higher php version, but could be thinking of something completely different.

I hope that helps

Many thanks

John

If Wordpress only works on PHP 5.6 then they are going in the wrong direction. :stuck_out_tongue:

I have confirmed the problem is related to the hashing because I can get it to work by changing the hashing but I can’t get it to work 100% out of the box and it requires manual intervention (which I am trying to avoid).

Hi kujoe

If you post your exact steps to reproduce this I’ll have a test on our system and let you know if we can reproduce the issue.

My test using simplescripts was with old password 0 restarted MySQL, used simplescripts to install a pic gallery, tested by logging into it, then reset old password 1, restarted MySQL and re logged back into gallery. All worked lovely.

Many thanks

John

Hi Kujoe

If you don’t mind, I’ll PM you a login detail to a new WP install from simplescripts, using the following:

reset my.cnf old password 0
restarted Mysql
run a WP install using simplescripts (sorry we do not have a softculous licence for test server)
tested by logging into WP, then logged out
reset my.cnf to old password 1
restarted Mysql
testwd by logging into WP then logged out

It was installed using new hash, then mysql reverted back to oldpassword, and all works lovely.

I hope this helps you resolve your issue

Many thanks

John

Can you let me know what version of PHP and MySQL you are running? I’m still not having any luck.

Hi kujoe

The test server is set using defaults, php and MySQL have not been upgraded as yet as we are testing in line through our lists, and making changes as we need too.

Many thanks

John

Looks like the problem was with PHP 5.5/mysqlnd, I removed both and install PHP 5.4 and everything is playing nicely now. I now regret coding my new scripts to not be compatible with PHP 5.4 or lower. :frowning:

Hello,

we use Atomicorp repos php 5.4.31 with mysql 5.5.39 and all is running smoothly :slight_smile:
https://www.atomicorp.com/channels/atomic/centos/6/

Regards,
ajsss