No, you should not use your own password hashing for MySQL authentication.
MySQL uses its own password hashing function ( PASSWORD() ), which produces a 41-byte sixth line (based on applying SHA1 to the input twice). Unfortunately, salt is not used.
If you could use GRANT in the form that you specify in your question, then MySQL will apply its PASSWORD() function to the string output of the hash() function. Subsequently, when you want to log in, you will need to enter a 256-bit hash of your password so that it matches what is in the MySQL authentication database.
In addition, MySQL supports the SHA2() family of hash functions with MySQL 6.0.5.
The hash() function is what you probably remember from PHP. It is not part of MySQL.
update: I attended a MySQL conference this week and found out that they are completely changing their roadmap for future product version numbers. The SHA2() function is currently part of the MySQL source, but has not determined which version of the product matches. In addition, you need MySQL built with OpenSSL / YaSSL support for SHA2() to work.
Repeat your comment: Usually, MySQL authentication is completely different from user account authentication in this web application (this is best practice for several reasons).
Yes, you need to hardcode the username / password for MySQL authentication for your web application. Maybe, but a configuration file would be even better. Of course, put them outside the web root.
When the user needs to log in, calculate the hash() their input password, combined with the salt value for the entry for their account. Then compare this with the hash stored in the database for this user. In pseudo code:
$salt = $db->query("SELECT salt FROM Accounts WHERE account_name = ?", $input_account_name); $password_hash = hash('sha256', $salt + $input_password) $is_password_correct = $db->query("SELECT password_hash = ? FROM Accounts WHERE account_name = ?", $password_hash, $input_account_name);