BugzillaPasswordReset: Difference between revisions
(A HowTo for resetting Bugzilla passwords using MySQL) |
(a fix and some improvements) |
Line 8: | Line 8: | ||
<pre><nowiki> | <pre><nowiki> | ||
$ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles | $ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles | ||
SET cryptpassword = ENCRYPT( | SET cryptpassword = ENCRYPT("passwordstring") | ||
WHERE login_name="email.address@example.com";' | WHERE login_name="email.address@example.com";' | ||
</nowiki></pre> | </nowiki></pre> | ||
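Review bot: on the changed line `SET cryptpassword = ENCRYPT("passwordstring")`, the placeholder is now a literal inside the `-e` argument, so a reader who substitutes a real password types it directly on the command line. The page's warning about plaintext passwords in shell history comes only after this example; suggest a one-line pointer to that notice next to the command, before the reader runs it.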
Line 18: | Line 18: | ||
Be careful not to wipe everybody's passwords! | Be careful not to wipe everybody's passwords! | ||
'''SECURITY NOTICE''' typically, *nix shells save a history of commands you've entered on the commandline. This means that if you entered your new password literally, as in the example above, it will be saved in plain text to the disk. Also note that if you don't use the '''-e''' option, and instead enter your SQL from the '''mysql''' commandline client, the same outcome will typically result, just in '''~/.mysql_history''' as opposed to, for example, '''~/.bash_history'''. You may consider the '''srm''' or '''shred''' commands if you've already accidentally allowed this to happen and security is a concern. | === Avoid Inadvertently Saving Plaintext Passwords === | ||
'''SECURITY NOTICE''' typically, *nix shells save a history of commands you've entered on the commandline. This means that if you entered your new password literally, as in the example above, it will be saved in plain text to the disk. Also note that if you don't use the '''-e''' option, and instead enter your SQL from the '''mysql''' commandline client, the same outcome will typically result, just in '''~/.mysql_history''' as opposed to, for example, '''~/.bash_history'''. You may consider the '''srm''' or '''shred''' commands if you've already accidentally allowed this to happen and security is a concern. From '''bash''' you can clear your commandline history before it gets saved to disk by enter the command '''history -c''' before exiting the shell. Alternatively, you could use a clever command like the following: | |||
<pre><nowiki> | |||
$ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles | |||
SET cryptpassword = ENCRYPT("'`cat`'") | |||
WHERE login_name="email.address@example.com";' | |||
</nowiki></pre> | |||
With a command like this one, before being prompted for a password for the MySQL login (if you are using the '''-p''' option) you will have the opportunity to enter your password such that it will never be copied to your shell's command history. Be careful of entering characters which might be interpreted by MySQL (such as a quotation mark in this example) without proper escaping. Typically you terminate the password entry by sending one or two '''EOF''' characters, which is typically '''^d''' on most *nix systems. |
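Review bot: in the added command, the backtick `cat` substitution sits outside any quotes, so the shell word-splits and glob-expands what is typed; a password containing a space breaks the `-e` argument into several arguments. Wrapping the substitution in double quotes between the two single-quoted pieces avoids that. The typed text is also spliced into the SQL unescaped, which the paragraph mentions but does not solve; suggest showing the escaping, or sending the statement to mysql on standard input. Minor: "by enter the command" should read "by entering the command".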
Revision as of 11:42, 28 January 2008
Resetting Bugzilla Passwords
I frequently forget my Bugzilla password at work because I rarely have to enter my password. If you haven't enabled Bugzilla to send email, as we haven't, here is at least one way you can reset your password without the use of email:
MySQL
Disclaimer: Don't just copy and paste this code.
$ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles SET cryptpassword = ENCRYPT("passwordstring") WHERE login_name="email.address@example.com";'
You will have to modify the invocation of the mysql command to match your own configuration. With the -p option, you will be prompted for a password. If you know Bugzilla connects to the database without a password, omit this option. Also of note is that you can use the MySQL administrative user (typically 'root') instead of the username created for Bugzilla.
The WHERE clause can also accept other criteria (I, for instance, always use WHERE userid=1.)
Be careful not to wipe everybody's passwords!
Avoid Inadvertently Saving Plaintext Passwords
SECURITY NOTICE: Typically, *nix shells save a history of the commands you've entered on the command line. This means that if you entered your new password literally, as in the example above, it will be saved in plain text to disk. Also note that if you don't use the -e option, and instead enter your SQL from the mysql command-line client, the same outcome will typically result, just in ~/.mysql_history as opposed to, for example, ~/.bash_history. You may consider the srm or shred commands if you've already accidentally allowed this to happen and security is a concern. From bash you can clear your command-line history before it gets saved to disk by entering the command history -c before exiting the shell. Alternatively, you could use a clever command like the following:
$ mysql -D bugzilla -u bugzilla -p -e 'UPDATE profiles SET cryptpassword = ENCRYPT("'"$(cat)"'") WHERE login_name="email.address@example.com";'
With a command like this one, before being prompted for the MySQL login password (if you are using the -p option), you will have the opportunity to enter your new password so that it is never copied to your shell's command history. Be careful about entering characters that MySQL might interpret (such as a quotation mark in this example) without proper escaping. You terminate the password entry by sending one or two EOF characters, typically ^d on most *nix systems.
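A variation on the command above, as an added example that is not part of the original wiki page: it reads the password without echo, escapes it for a MySQL string literal, and sends the statement to mysql on standard input, so the password ends up in neither the shell history nor the command's arguments. The function names are hypothetical; the table, column, ENCRYPT() call and connection options are the ones used on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Bugzilla or MySQL.

# Escape a value for use inside a single-quoted MySQL string literal:
# double every backslash first, then double every single quote.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Build the page's UPDATE statement for one login name and one password.
build_reset_sql() {
    # Refuse an empty login so the WHERE clause always names one account.
    [ -n "$1" ] || return 1
    q_login=$(sql_quote "$1")
    q_pass=$(sql_quote "$2")
    printf "UPDATE profiles SET cryptpassword = ENCRYPT('%s') WHERE login_name = '%s';\n" \
        "$q_pass" "$q_login"
}

# Prompt for the new password with terminal echo off, then pipe the SQL
# to mysql on stdin instead of passing it with -e.
reset_bugzilla_password() {
    target_login=$1
    printf 'New Bugzilla password: ' >&2
    stty -echo
    IFS= read -r new_password
    stty echo
    printf '\n' >&2
    sql=$(build_reset_sql "$target_login" "$new_password") || return 1
    unset new_password
    # Connection options as on the page; adjust them to your configuration.
    printf '%s\n' "$sql" | mysql -D bugzilla -u bugzilla -p
}

# Usage (run interactively):
#   reset_bugzilla_password 'email.address@example.com'
```

With -p, the mysql client still prompts for the database password on the terminal while the statement arrives on standard input.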