• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Fun and Games with MySQL

 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Likes 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have this Java application which I wrote many years ago, its purpose is to keep track of my bird sightings and report them in various ways. (And also to act as a test bed for me to try out new Java features.) When I converted it to Java from Turbo Pascal I decided it should use a proper database, so I installed MySQL and set up the tables and away we went.

And then last year I decided it was time to bring my system up to date, so I updated from MySQL 5.1 to MySQL 5.7. That worked fine and it didn't break anything; software installations are so much more reliable than they used to be. Back in the old days it was almost guaranteed that installing a new version was going to require some kind of disaster recovery, but not now.

So today I came back from hunting down the Wandering Tattler which showed up yesterday and went to input my sightings. But as soon as I started the application I got messages telling me that my password had expired.

Well. Little did I know that MySQL 5.7 by default causes passwords to expire after 360 days, and here I was, 360 days after installing it, dead in the water.

So, off to the web to find out how to unexpire the passwords. Of course there's plenty of information online about how to do that, not least in the MySQL documentation itself. Shouldn't be too hard. I only have two passwords, the admin password and the application password.

But I haven't run MySQL from the command line since shortly after I first installed it, which would have been around 2008. It just runs as a Windows service. So a MySQL administrator I'm not. But nevertheless I stumbled onward; after a couple of hours I managed to connect via the command line. But all of my passwords had expired, so signing on as admin wasn't helpful because its password had expired and it wasn't allowed to do anything until an administrator had provided a new one. Unfortunately the approach of having admin set up new passwords was what most pages were recommending.

I briefly considered installing a fresh copy of MySQL and then copying my database tables over into the new copy, but then my sanity returned.

Finally I found the MySQL parameter which says "Don't bother with the authorization business". And then I figured out how to get the Windows service to start with that parameter set. And that was it! I could run the MySQL command line and do ALTER USER to my heart's content. Including making the passwords never expire. Now back to real life.
 
Bartender
Posts: 598
26
Oracle Notepad Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Security features are often poorly implemented. It's just another reason to hate mySQL.
 
Paul Clapham
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The trouble with security features, no matter how well implemented they are, is that they require a competent person to manage them. And competent security managers are not easily found. Worse, most people would just like to get something, anything, set up which claims to be security and doesn't require constant attention. (See my original post for an example.) That approach may result in a secure system but if it does, it's only by luck.
 
reply
    Bookmark Topic Watch Topic
  • New Topic