3

In the MySQL documentation for the PASSWORD function:

> The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

Why shouldn't we use this function in our application?

1 Answer

2

A few reasons I can think of:

  1. It's a fast hash (SHA1, I believe), which isn't a good property for password hashes.

  2. They might change what hash it uses in a future version of MySQL, breaking your application. They've already done this once, hence the OLD_PASSWORD() function.

  3. It doesn't naturally use a salt (although you could use a salt with it if you wanted to by appending it to the password before calling the PASSWORD function).

  4. It's non-standard SQL, so if you ever need to port your app to another platform, you'll need to come up with a replacement.
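Added example (not part of the original answer or of MySQL's code): a Python sketch that reproduces what `PASSWORD()` computes in MySQL 4.1 and later, two rounds of unsalted SHA-1, next to a salted, deliberately slow alternative computed in the application. The function names, the stored-string layout and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mysql_password(pw: str) -> str:
    """Reproduce MySQL 4.1+ PASSWORD(): '*' + upper-case hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(pw.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def hash_password(pw: str, iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash; scheme and cost are stored with the digest."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(pw: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    for user in ("alice", "bob"):
        print(user, mysql_password("password"))  # identical stored values
    for user in ("alice", "bob"):
        print(user, hash_password("password"))   # different stored values
```

Because the scheme name and iteration count travel with each stored value, the application can raise the cost or switch algorithms later without depending on what the database server's built-in function does in a given version.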
