(A HowTo for resetting Bugzilla passwords using MySQL) |
(a fix and some improvements) |
||
Line 8: | Line 8: | ||
<pre><nowiki> | <pre><nowiki> | ||
$ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles | $ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles | ||
SET cryptpassword = ENCRYPT( | SET cryptpassword = ENCRYPT("passwordstring") | ||
WHERE login_name="email.address@example.com";' | WHERE login_name="email.address@example.com";' | ||
</nowiki></pre> | </nowiki></pre> | ||
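Review bot: On the corrected SET cryptpassword = ENCRYPT("passwordstring") line the new password is a literal inside the -e argument, so running the example as written saves it to the shell history. Say next to the command that "passwordstring" is a placeholder, and point readers to the history notice further down the page before they run it. The statement also relies entirely on the WHERE login_name=... line to avoid updating every row in profiles, so the "Be careful not to wipe everybody's passwords!" warning should stay directly beside this block.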
Line 18: | Line 18: | ||
Be careful not to wipe everybody's passwords! | Be careful not to wipe everybody's passwords! | ||
'''SECURITY NOTICE''' typically, *nix shells save a history of commands you've entered on the commandline. This means that if you entered your new password literally, as in the example above, it will be saved in plain text to the disk. Also note that if you don't use the '''-e''' option, and instead enter your SQL from the '''mysql''' commandline client, the same outcome will typically result, just in '''~/.mysql_history''' as opposed to, for example, '''~/.bash_history'''. You may consider the '''srm''' or '''shred''' commands if you've already accidentally allowed this to happen and security is a concern. | === Avoid Inadvertently Saving Plaintext Passwords === | ||
'''SECURITY NOTICE''' typically, *nix shells save a history of commands you've entered on the commandline. This means that if you entered your new password literally, as in the example above, it will be saved in plain text to the disk. Also note that if you don't use the '''-e''' option, and instead enter your SQL from the '''mysql''' commandline client, the same outcome will typically result, just in '''~/.mysql_history''' as opposed to, for example, '''~/.bash_history'''. You may consider the '''srm''' or '''shred''' commands if you've already accidentally allowed this to happen and security is a concern. From '''bash''' you can clear your commandline history before it gets saved to disk by enter the command '''history -c''' before exiting the shell. Alternatively, you could use a clever command like the following: | |||
<pre><nowiki> | |||
$ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles | |||
SET cryptpassword = ENCRYPT("'`cat`'") | |||
WHERE login_name="email.address@example.com";' | |||
</nowiki></pre> | |||
With a command like this one, before being prompted for a password for the MySQL login (if you are using the '''-p''' option) you will have the opportunity to enter your password such that it will never be copied to your shell's command history. Be careful of entering characters which might be interpreted by MySQL (such as a quotation mark in this example) without proper escaping. Typically you terminate the password entry by sending one or two '''EOF''' characters, which is typically '''^d''' on most *nix systems. |
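Review bot: In the added ENCRYPT("'`cat`'") command the shell substitutes the typed password into the -e argument before mysql starts, so it stays out of the history files but still ends up on the mysql command line, where other local users can read it from the process list while the command runs. The password is also echoed on the terminal as it is typed into cat. The paragraph should state both limits, or the example should avoid passing the password as an argument at all. The typed text is inserted into the SQL unescaped; the paragraph mentions this only as a caution about quotation marks, and it should say plainly that a " or a backslash in the password will break or alter the statement. Wording: "by enter the command" should read "by entering the command".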