### Using Zeroboard on MySQL 4.1.x
File name: zb41pl4.tar.Z
Why Zeroboard has compatibility problems on MySQL 4.1
1. The PASSWORD function uses more bytes
Up to 4.0, the password() function used 16 bytes for its encrypted output;
from 4.1 on it uses 41 bytes.
In 4.1, the 16-byte function from 4.0 and earlier has been renamed
old_password().
Below is a simple example on 4.1.
mysql> select password('aabbcc');
+-------------------------------------------+
| password('aabbcc') |
+-------------------------------------------+
| *2413A83E64BC8C0B97D3072004D15A19E48A1C00 |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql> select old_password('aabbcc');
+------------------------+
| old_password('aabbcc') |
+------------------------+
| 2cbf598202278785 |
+------------------------+
1 row in set (0.00 sec)
mysql> select length(password('aabbcc'));
+----------------------------+
| length(password('aabbcc')) |
+----------------------------+
| 41 |
+----------------------------+
1 row in set (0.00 sec)
mysql> select length(old_password('aabbcc'));
+--------------------------------+
| length(old_password('aabbcc')) |
+--------------------------------+
| 16 |
+--------------------------------+
1 row in set (0.00 sec)
2. Restriction on the table-creation schema
When Zeroboard creates a new table, it does so from the schema.sql file in the
source directory.
On MySQL 4.1, in a create table statement such as
create table $admin_table (
no int(11) default '0' not null auto_increment primary key,
group_no int(20) unsigned not null,
....
a column declared with auto_increment cannot also be given a default value
such as default '0'.
Doing so produces the error shown below, and naturally Zeroboard
cannot create its tables.
mysql> create table aaaa ( id int default '0' not null auto_increment primary key );
ERROR 1067 (42000): Invalid default value for 'id'
mysql> create table aaaa ( id int not null auto_increment primary key );
Query OK, 0 rows affected (0.01 sec)
Once these two points are understood, the cause of the errors that appear when running
Zeroboard on MySQL 4.1 can be tracked down.
In more detail:
[Work that must always be done]
Whether you are installing Zeroboard for the first time or moving existing Zeroboard data and source over,
the one change that must always be made is in schema.sql:
wherever default '0' not null auto_increment appears, delete the default '0'.
Do not delete every default '0'; delete only the default '0' on columns that are also
declared auto_increment.
It is also a good idea to widen the password columns from the previous 20 to 41.
More on that below.
[When using the new 4.1 password() function]
This most likely applies to people installing Zeroboard for the first time.
To use the 4.1 password function, which has stronger security, leave the PHP source
as it is and make a further change to schema.sql.
Above, only the default '0' parts of schema.sql were changed;
this time the columns that store passwords must be widened.
The existing password columns have sizes such as 20 or 18, as in
password char(20)
Change these to 41.
In schema.sql:
line 29: password char(20) not null,
line 38: jumin char(18),
line 234: password char(20),
line 288: password char(20),
Change the size to 41 in all 4 places.
Zeroboard also encrypts the resident registration number, so the jumin column
must be changed as well. Check for yourself whether any other places
have been missed.
These changes must be made before the installation is started.
If you installed without making them and got errors, drop the database
that was created, delete config.php, and run install.php again
to reinstall from the beginning.
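The two schema.sql changes described above (dropping default '0' from auto_increment columns, widening password and jumin to 41) written as a shell filter. This is an added example, not part of Zeroboard or the original post; the function names and the sample table are constructed, and it assumes one lowercase column definition per line as in the excerpts above.

```shell
#!/bin/sh
# Added example, not Zeroboard code. Patches a schema.sql for MySQL 4.1.
# Assumes one lowercase column definition per line, as in the excerpts above.

# stdin -> stdout:
#  1. drop default '0' only on lines that also say auto_increment
#  2. widen password/jumin char(N) to char(41) when N is below 41
fix_schema() {
    sed -E \
        -e "/auto_increment/ s/[[:space:]]+default[[:space:]]+'0'//" \
        -e 's/^([[:space:]]*(password|jumin)[[:space:]]+char)\(([0-9]|[1-3][0-9]|40)\)/\1(41)/'
}

# Print how many lines on stdin would still need one of the two changes.
count_problems() {
    grep -E -c "default[[:space:]]+'0'.*auto_increment|auto_increment.*default[[:space:]]+'0'|^[[:space:]]*(password|jumin)[[:space:]]+char\(([0-9]|[1-3][0-9]|40)\)" || true
}

# Constructed sample in the style of schema.sql (the table name and the level
# column are made up; level shows that an ordinary default '0' is kept).
sample_schema() {
    cat <<'EOF'
create table $sample_table (
  no int(11) default '0' not null auto_increment primary key,
  group_no int(20) unsigned not null,
  password char(20) not null,
  jumin char(18),
  level int(2) default '0' not null
);
EOF
}

# Real use: fix_schema < schema.sql > schema.sql.new, review the diff, replace.
echo "lines to fix before: $(sample_schema | count_problems)"
sample_schema | fix_schema
echo "lines to fix after:  $(sample_schema | fix_schema | count_problems)"
```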
[When continuing to use the password() function of 4.0 and earlier]
The password() function of 4.0 and earlier is available in MySQL 4.1.x as
old_password().
This applies when you already ran many members and boards on Zeroboard under MySQL 4.0 or earlier
and want to move to 4.1 while keeping that data as it is.
First, change every password() call in the Zeroboard PHP source to old_password().
That is easy to say, but it is a serious amount of work.
To see which source files use password():
[root@haansoft bbs]# pwd
/var/www/html/bbs
[root@haansoft bbs]# grep -R -i -l "password(" ./*
./admin/admin_exec_member.php
./admin/admin_view_member.php
./comment_ok.php
./del_comment_ok.php
./delete_ok.php
./install2_ok.php
./login_check.php
./lostid_search.php
./member_join_ok.php
./member_modify_ok.php
./member_out.php
./view.php
./write_ok.php
[root@haansoft bbs]#
The files above use the password() function. To see the actual lines,
run grep without the -l option, as in grep -R -i "password(" ./*
Open the 13 files above and change occurrences such as password("$password")
to old_password("$password").
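One way to make the edit described above across the listed files, as an added example that is not part of Zeroboard or the original post; the function names and sample PHP lines are constructed. The filter leaves calls already written as old_password( and longer identifiers ending in password( untouched, which a plain search-and-replace would damage.

```shell
#!/bin/sh
# Added example, not Zeroboard code. Rewrites password( calls as old_password(.

# stdin -> stdout. The leading group requires a non-identifier character (or
# line start) before "password(", so old_password( and names such as
# check_password( are left alone and a second run changes nothing.
to_old_password() {
    sed -E 's/(^|[^A-Za-z0-9_])[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]\(/\1old_password(/g'
}

# Rewrite every *.php file under directory $1 that needs it, keeping the
# original as FILE.bak. Prints the number of files changed.
# Assumes file names without spaces (true for the list above).
convert_tree() {
    changed=0
    for f in $(find "$1" -type f -name '*.php'); do
        to_old_password < "$f" > "$f.new"
        if cmp -s "$f" "$f.new"; then
            rm -f "$f.new"                 # no password( call in this file
        else
            cp -p "$f" "$f.bak"            # keep the untouched original
            cat "$f.new" > "$f"            # overwrite in place, keeps mode/owner
            rm -f "$f.new"
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Constructed PHP lines; the queries and check_password() are made up.
sample_php() {
    cat <<'EOF'
$q = "select no from $member_table where user_id='$id' and password=password('$pw')";
$q = "update $member_table set password=PASSWORD(\"$pw\") where no='$no'";
$q = "select old_password('$pw')";
if (check_password($pw)) { exit; }
EOF
}

sample_php | to_old_password
```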
[Other]
For errors whose cause is unclear, recording to a log file lets you
look at the log and find a fix. Haansoft Linux 2005 does not
keep a MySQL log by default.
To enable it,
in /etc/my.cnf, under the [mysqld] section, specify a log file like this:
log=/var/log/mysqld.log
Then restart the MySQL daemon, and you
can see SQL statements such as select as the source executes them.
From the shell,
# tail -f /var/log/mysqld.log
shows the information in real time as it is appended.
One thing to watch: the log file can grow very large, so
once the problem is solved it is best to disable logging again.