mysql 4.1에서 제로보드의 호환성 문제 해결 |
### Mysql 4.1.x 에서 제로보드 사용하기
파일명 : zb41pl4.tar.Z

Mysql 4.1 버전에서 제로보드 호환에 문제가 되는 이유

1. PASSWORD 함수의 사용바이트 수 증가

기존 4.0 까지의 password() 함수는 암호화를 위해 16 바이트를 사용했는데 4.1 부터는 41 바이트를 사용합니다. 그리고 4.1 에서 4.0 이전의 16 바이트 함수는 old_password() 라는 이름으로 바뀌었습니다. 아래는 4.1 에서의 간단한 예입니다.

```
mysql> select password('aabbcc');
+-------------------------------------------+
| password('aabbcc')                        |
+-------------------------------------------+
| *2413A83E64BC8C0B97D3072004D15A19E48A1C00 |
+-------------------------------------------+
1 row in set (0.00 sec)

mysql> select old_password('aabbcc');
+------------------------+
| old_password('aabbcc') |
+------------------------+
| 2cbf598202278785       |
+------------------------+
1 row in set (0.00 sec)

mysql> select length(password('aabbcc'));
+----------------------------+
| length(password('aabbcc')) |
+----------------------------+
|                         41 |
+----------------------------+
1 row in set (0.00 sec)

mysql> select length(old_password('aabbcc'));
+--------------------------------+
| length(old_password('aabbcc')) |
+--------------------------------+
|                             16 |
+--------------------------------+
1 row in set (0.00 sec)
```

2. 테이블 생성 스키마 제한

제로보드에서 새 테이블을 생성할때 소스 디렉토리의 schema.sql 이라는 파일을 통해서 생성합니다. Mysql 4.1 에서는 create table 에서

```
create table $admin_table (
  no int(11) default '0' not null auto_increment primary key,
  group_no int(20) unsigned not null,
  ....
```

와 같이 auto_increment 옵션을 준 칼럼에 default '0' 과 같은 디폴트 값을 같이 사용할 수가 없습니다. 그렇게 사용하면 아래 처럼 에러가 납니다. 당연히 제로보드에서 테이블 생성이 안됩니다.

```
mysql> create table aaaa ( id int default '0' not null auto_increment primary key );
ERROR 1067 (42000): Invalid default value for 'id'
mysql> create table aaaa ( id int not null auto_increment primary key );
Query OK, 0 rows affected (0.01 sec)
```

위 두가지만 잘 이해하면 Mysql 4.1 에서 제로보드 사용시 발생하는 에러들의 원인을 찾을 수가 있습니다.
좀더 구체적으로 보면..

[무조건 해야하는 작업]

제로보드를 처음으로 설치해서 사용하든 이전 제로보드데이타와 소스를 옮기든지 반드시 무조건 해야하는 작업은 schema.sql 이라는 파일에서 default '0' not null auto_increment 이부분에서 default '0' 을 삭제합니다. 모든 default '0'을 삭제하는 것이 아니라 반드시 auto_increment 와 같이 사용되는 칼럼의 default '0' 을 삭제합니다. 그리고 패스워드 저장하는 칼럼의 크기도 이전 20 에서 41 로 늘려주는 것이 좋습니다. 아래에서 다시..

[ 4.1 버전의 새 password() 함수를 사용할 경우]

최초로 제로보드를 깔아서 사용하려는 사람들에게 적용될 듯합니다. 좀더 보안이 강화된 4.1 버전의 password 함수를 사용하려면 php 소스는 그대로 두고 schema.sql 파일을 추가 수정해야 합니다. 위에서는 schema.sql 의 default '0' 부분만 수정했는데 이번에는 password 를 저장하는 칼럼의 크기를 늘려야 합니다. 기존의 password 칼럼은 20 혹은 18 등의 크기로 되어 있는데 password char(20) 이부분을 41 로 수정해 줍니다.

schema.sql 에서
29 라인의 password char(20) not null,
38 라인의 jumin char(18),
234 라인의 password char(20),
288 라인의 password char(20),
모두 4 곳을 41 로 크기를 수정해 줍니다. 제로보드에서는 주민등록번호도 암호화를 하므로 jumin 칼럼도 수정해 줘야 합니다. 이 외에도 빠진부분이 있는지는 각자 알아서 체크해보시길.

이와 같은 작업은 실제 설치를 시작하기 전에 해줘야 합니다. 수정하지 않고 설치후 에러가 났을 경우에는 생성된 DB 를 삭제해주고 config.php 파일을 삭제한후 다시 install.php 를 실행해서 첨부터 다시 설치를 하시면 됩니다.

[이전 4.0 이하 버전의 password() 함수를 그대로 사용할 경우]

4.0 이전의 password()함수는 mysql 4.1x 에서는 old_password() 라는 함수로 사용할 수 있습니다. 이미 mysql 4.0 이하버전에 제로보드로 많은 회원과 게시판들을 운영하고 있었던 경우 그 데이타를 그대로 살리면서 4.1로 옮길때 적용할 수 있습니다. 다만 이 경우 회원 패스워드는 보안이 약한 이전 16 바이트 방식으로 계속 저장됩니다. 우선 제로보드의 php 소스에서 사용된 모든 password() 함수를 old_password() 함수로 고치면 됩니다. 말이 쉽지 작업하기 장난 아닙니다. 일단 어떤 소스에서 password() 함수를 쓰는지 보려면..
```
[root@haansoft bbs]# pwd
/var/www/html/bbs
[root@haansoft bbs]# grep -R -i -l "password(" ./*
./admin/admin_exec_member.php
./admin/admin_view_member.php
./comment_ok.php
./del_comment_ok.php
./delete_ok.php
./install2_ok.php
./login_check.php
./lostid_search.php
./member_join_ok.php
./member_modify_ok.php
./member_out.php
./view.php
./write_ok.php
[root@haansoft bbs]#
```

와 같은 파일들이 password() 함수를 씁니다. 구체적인 라인의 내용을 보려면 grep -R -i "password(" ./* 와 같이 -l 옵션을 빼고 grep 명령을 내려보면 됩니다. 위 13 개 파일을 열어서 password("$password") 와 같은 부분을 old_password("$password") 와 같이 수정해 주면 됩니다.

[기타]

원인을 알 수 없는 에러의 경우 로그파일에 기록을 남기면 그것을 보고 해결책을 찾을 수가 있습니다. 한소프트리눅스2005 에서는 기본으로 mysql 의 로그를 남기지 않습니다. 남기려면 /etc/my.cnf 파일에서 [mysqld] 영역 아래에

```
log=/var/log/mysqld.log
```

와 같이 log 파일을 지정해 주고 mysql 데몬을 재시작하면 소스에서 select 등의 sql 문 실행모습을 볼 수 있습니다. 쉘에서

```
# tail -f /var/log/mysqld.log
```

와 같은 명령어로 실시간 추가되는 정보를 볼 수 있습니다. 그런데 주의해야 할 점은 로그파일이 너무 커질 수 있으므로 문제가 해결되면 다시 로그기록을 비활성화 시키는 것이 좋습니다. 또한 이 로그에는 password("$password") 처럼 패스워드 평문이 들어간 sql 문도 그대로 기록되므로, 로그파일의 읽기 권한을 제한하고 문제가 해결되면 로그파일을 삭제하는 것이 좋습니다. |