Showing entries 1 to 8

Tags Filter: Security

Articles
I was asked this question recently, and I thought it was a great little tidbit of knowledge to pass along. The short answer is "no". The slightly longer answer was written up by Jan Kneschke when dealing with a forum post about proxy + connection pooling. From http://forums.mysql.com/read.php?146,169265,169700 The clear-text password is _never_ transferred in the authentication phase. On the network we have:
Articles
The answers to the last pop quiz are up: http://www.pythian.com/blogs/868/pop-quiz-mysql-cluster
So here's another pop quiz. Given the following:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 16450949 to server version: 4.1.14-standard-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select count(*),length(password) from mysql.user group by l
Articles
Lenz Grimmer recently wrote two blogs about password security on MySQL. Both are worth reading in detail. You'll find them in Basic MySQL Security: Providing passwords on the command line and More on MySQL password security. Although I wrote a comment on the latter one, there is one point I thought was worth its own blog.
Presentations
I was recently asked a question by someone who had attended my Shmoocon talk entitled "Why are Databases So Hard to Secure?". PDF slides are available (1.34 Mb). I was going to put this into a more formal structure, but the conversational nature works really well. I would love to see comments reflecting others' thoughts. I found several things of interest in your talk about database security and several new things to think about. In particular I realized that DBMSs have at least two hats in the world of software architecture namely as technical services ("smart file system") and as application framework. Perhaps that "depth" is one of the reasons why dbms is hard to secure? For example, considering just the question of who or what have user roles within a DBMS deployment. From the "deep" point of view, the "user" could be an application, or a module, or just the next layer up [...]
Presentations
Here are the slides and links I am using for the "Database Security Using White-Hat Google Hacking" at the 2008 MySQL Users Conference and Expo.
pdf slides
Where to Start:
http://johnny.ihackstuff.com/ghdb.php
i-hacked.com/content/view/23/42
Pictures
A collection of MySQL cartoons, featuring Sakila in several environments. Includes images for LAMP, Java, performance, Proxy, Forge, Security, University, Speaker, Writer, traveler, wizard, Summer of Code, and the Librarian.
Presentations
An overview of how to make the MySQL host system more secure, harden MySQL itself, make access control impossible to penetrate, and use all the security features MySQL provides. Additionally, it will cover some security design flaws that can best be resolved by hacking MySQL itself.
Presentations
MySQL security best practices often assume restricted access to the physical server and restrictive file system privileges. However, OEMs and ISVs who bundle and distribute their application with MySQL have no control over where the application is installed. This session will provide silent installation instructions, common deployment strategies and recommendations for securing your data.