Resolving Zeroboard compatibility problems on MySQL 4.1
### Using Zeroboard on MySQL 4.1.x
File name: zb41pl4.tar.Z


Why Zeroboard has compatibility problems on MySQL 4.1

1. The PASSWORD function now uses more bytes
Up to 4.0, the password() function used 16 bytes for encryption;
from 4.1 it uses 41 bytes.
In 4.1, the 16-byte function from 4.0 and earlier has been renamed
old_password().

Below is a simple example on 4.1.

mysql> select password('aabbcc');
+-------------------------------------------+
| password('aabbcc')                        |
+-------------------------------------------+
| *2413A83E64BC8C0B97D3072004D15A19E48A1C00 |
+-------------------------------------------+
1 row in set (0.00 sec)

mysql> select old_password('aabbcc');
+------------------------+
| old_password('aabbcc') |
+------------------------+
| 2cbf598202278785       |
+------------------------+
1 row in set (0.00 sec)

mysql> select length(password('aabbcc'));
+----------------------------+
| length(password('aabbcc')) |
+----------------------------+
|                         41 |
+----------------------------+
1 row in set (0.00 sec)

mysql> select length(old_password('aabbcc'));
+--------------------------------+
| length(old_password('aabbcc')) |
+--------------------------------+
|                             16 |
+--------------------------------+
1 row in set (0.00 sec)



2. Restriction on the table-creation schema

When Zeroboard creates new tables, it does so through the schema.sql file
in the source directory.
In MySQL 4.1, in a create table statement like

create table $admin_table (
no int(11) default '0' not null auto_increment primary key,
group_no int(20) unsigned not null,
....

a column with the auto_increment option cannot also be given a
default value such as default '0'.

Doing so produces the error below. Naturally, Zeroboard then cannot
create its tables.


mysql> create table aaaa ( id int default '0' not null auto_increment primary key );
ERROR 1067 (42000): Invalid default value for 'id'

mysql> create table aaaa ( id int not null auto_increment primary key );
Query OK, 0 rows affected (0.01 sec)


If you understand just these two points, you can track down the cause of the errors
that occur when running Zeroboard on MySQL 4.1.
In more detail:


[Work that must be done in every case]

Whether you are installing Zeroboard for the first time or moving existing Zeroboard data and source over,
the one thing you must always do is remove default '0' from the
default '0' not null auto_increment parts of schema.sql.
Do not remove every default '0'; remove it only from columns
that also use auto_increment.

It is also a good idea to enlarge the columns that store passwords from the previous 20 to 41.
More on this below.


[If you use the new 4.1 password() function]

This will mostly apply to people installing Zeroboard for the first time.
To use the more secure 4.1 password function, leave the PHP source
as it is and make a further change to schema.sql.

Above, only the default '0' parts of schema.sql were changed;
this time the columns that store the password must be enlarged.

The existing password columns have sizes such as 20 or 18, as in

password char(20)

Change this to 41.
In schema.sql,

line 29: password char(20) not null,
line 38: jumin char(18),
line 234: password char(20),
line 288: password char(20),


change the size to 41 in all 4 places.
Zeroboard also encrypts the resident registration number, so the jumin column
has to be changed as well. Check for yourself whether any other places
have been missed.

These changes must be made before you start the actual installation.
If you installed without making them and got errors, drop the database
that was created, delete config.php, then run install.php again
and reinstall from the beginning.
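
The schema.sql changes described above (dropping default '0' only on auto_increment columns, and widening the password and jumin columns to 41), as an added shell example that is not part of the original tutorial or of Zeroboard. The sample schema is constructed and abbreviated (the level and name columns are made up), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Zeroboard code. Reads a schema on stdin and writes
# the MySQL 4.1-compatible schema on stdout.
fix_schema() {
  sed -E \
    -e "/auto_increment/ s/[[:space:]]+default[[:space:]]+'0'//" \
    -e 's/^([[:space:]]*(password|jumin)[[:space:]]+char)\((18|20)\)/\1(41)/'
}

# Prints (with line numbers) every line that would still fail on 4.1 or
# truncate a 41-byte hash. Exit status 0 means problems were found.
schema_problems() {
  grep -nE "default[[:space:]]+'0'.*auto_increment|^[[:space:]]*(password|jumin)[[:space:]]+char\((18|20)\)"
}

# Constructed, abbreviated sample input (not the real schema.sql).
sample_schema() {
  cat <<'EOF'
create table $admin_table (
  no int(11) default '0' not null auto_increment primary key,
  group_no int(20) unsigned not null,
  level int(2) default '0' not null,
  password char(20) not null,
  jumin char(18),
  name char(20)
);
EOF
}

echo "--- lines that need fixing:"
sample_schema | schema_problems
echo "--- fixed schema:"
sample_schema | fix_schema
echo "--- remaining problems after the fix:"
sample_schema | fix_schema | schema_problems || echo "(none)"
```

Against the real file, run fix_schema < schema.sql > schema41.sql and compare the two files before installing; the patterns assume the column definitions are written in lowercase as shown in this tutorial.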




[If you keep using the password() function of 4.0 and earlier]

The password() function of 4.0 and earlier is available in MySQL 4.1.x as the
old_password() function.
This applies when you have already been running many members and boards with Zeroboard
on MySQL 4.0 or earlier and want to move to 4.1 while keeping that data as it is.

First, change every password() call used in Zeroboard's PHP source to old_password().
It is easy to say, but the work is no joke.
To see which source files use the password() function:

[root@haansoft bbs]# pwd
/var/www/html/bbs
[root@haansoft bbs]# grep -R -i -l "password(" ./*
./admin/admin_exec_member.php
./admin/admin_view_member.php
./comment_ok.php
./del_comment_ok.php
./delete_ok.php
./install2_ok.php
./login_check.php
./lostid_search.php
./member_join_ok.php
./member_modify_ok.php
./member_out.php
./view.php
./write_ok.php
[root@haansoft bbs]#

These are the files that use the password() function. To see the actual lines,
run the grep command without the -l option, as in
grep -R -i "password(" ./*
Open the 13 files above and change parts such as password("$password") to
old_password("$password").
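
One way to make the password() to old_password() change across those files, as an added example (not part of the original post or of Zeroboard). It assumes GNU sed and GNU grep (for the I flag and --include); the function names and the sample PHP lines are constructed.

```shell
#!/bin/sh
# Added example, not Zeroboard code. Rewrites calls to password( as
# old_password( on stdin -> stdout. A name is rewritten only when it is
# not preceded by an identifier character or '$', so the password column,
# $password, check_password( and old_password( stay as they are, and a
# second run changes nothing. PASSWORD( is matched too (I flag).
to_old_password() {
  sed -E 's/(^|[^A-Za-z0-9_$])password\(/\1old_password(/gI'
}

# Apply in place to every .php file under a directory, keeping the
# untouched original as <file>.orig. Returns 0 when no password( call
# is left; otherwise prints the missed lines and returns 1.
convert_tree() {
  dir=$1
  grep -R -i -l --include='*.php' 'password(' "$dir" | while IFS= read -r f; do
    [ -e "$f.orig" ] || cp -p "$f" "$f.orig"
    to_old_password < "$f" > "$f.tmp" && cat "$f.tmp" > "$f"
    rm -f "$f.tmp"
  done
  ! grep -R -i -n -E --include='*.php' '(^|[^A-Za-z0-9_$])password\(' "$dir"
}

# Constructed sample lines in the style the tutorial describes.
sample_php() {
  cat <<'EOF'
$r = mysql_query("select * from $t where user_id='$id' and password=password('$pw')");
mysql_query("update $t set password=PASSWORD(\"$password\") where no='$no'");
$ok = check_password($password);
$q = "select old_password('$pw')";
EOF
}

sample_php | to_old_password
```

Run convert_tree on a copy of the bbs directory first and diff each file against its .orig before replacing the live source.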



[Miscellaneous]

For errors whose cause is unknown, writing a log file lets you look at it
and find a solution. Haansoft Linux 2005 does not keep a MySQL log
by default.
To keep one,
add the following under the [mysqld] section of /etc/my.cnf:

log=/var/log/mysqld.log

Once the log file is specified this way and the MySQL daemon is restarted,
you can see the SQL statements (select and so on) that the source executes.
From the shell, a command such as
# tail -f /var/log/mysqld.log
shows the entries being added in real time.
One thing to watch out for: the log file can grow very large, so
it is best to disable logging again once the problem is solved.
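
Because the log enabled above records each statement as the server receives it, queries built like password("$password") are written to /var/log/mysqld.log with the plaintext password inside them. An added example (not from the original post) that counts and masks those literals before a log excerpt is shared; the log lines and table names are constructed, and GNU sed is assumed for the I flag.

```shell
#!/bin/sh
# Added example. Masks the string argument of password()/old_password()
# in query-log text read from stdin.
redact_passwords() {
  sed -E "s/((old_)?password\()('[^']*'|\"[^\"]*\")/\1'<redacted>'/gI"
}

# Prints the number of log lines that carry a password literal.
count_password_lines() {
  grep -ciE "(old_)?password\(('[^']*'|\"[^\"]*\")"
}

# Constructed sample log excerpt (format and table names are made up).
sample_log() {
  cat <<'EOF'
050101 12:00:01       3 Connect     zb@localhost on bbs
                      3 Query       select * from member_table where user_id='kim' and password=password('aabbcc')
                      3 Query       select no, subject from board_table order by no desc limit 15
                      3 Query       update member_table set password=old_password("s3cret") where no='7'
EOF
}

echo "lines with a password literal: $(sample_log | count_password_lines)"
sample_log | redact_passwords
```

While the log is enabled, keeping /var/log/mysqld.log readable only by root and the account mysqld runs as limits who can read these statements.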