
> (UPDATE users SET password=null WHERE hashing_scheme='old')

Except you did this while the world was on fire, late on a Friday night, after a few beers, with management screaming down the phone. And you didn't check to make sure it didn't allow anyone to log into all affected users' accounts with a null/empty password. Oooops...

(Been there, done that, made similarly stupid mistakes...)




An empty string hash does not equal the empty string (if you are on Oracle) and certainly does not equal null.

This will make it impossible for those users to log in. Also, if you are lucky it won't take the rest of the service down with them, making it impossible for the other users to log in too.


Biologist here; so would the proper approach be

UPDATE users SET password=[generateRandomString] WHERE hashing_scheme='old';

?


No, same query but you need to make sure your authentication system disallows logging into accounts with null / empty passwords.
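Added example, not from any commenter above: the thread's own UPDATE run against a constructed SQLite table (columns `username`, `password`, `hashing_scheme` are taken from the query in the thread; the sample rows are made up), followed by a login check that refuses any account whose stored hash is NULL or empty, which is the check the reply above says the authentication system must have. It also illustrates the earlier point that the hash of an empty password is a non-empty value distinct from NULL. The PBKDF2 encoding, the iteration count and the `login` status strings are assumptions for this example.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """PBKDF2-HMAC-SHA256 encoded as scheme$salt$hash (assumed format).

    Never returns '' or None, even for an empty password: an account that
    legitimately has an empty password still gets a real, non-empty hash.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${salt.hex()}${dk.hex()}"


def verify_password(stored: Optional[str], candidate: str) -> bool:
    """Constant-time comparison. A NULL or empty stored hash is never a match."""
    if not stored:
        return False
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "pbkdf2_sha256":
        return False
    try:
        salt, expected = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(actual, expected)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account on the retired scheme, one already migrated."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, hashing_scheme TEXT)"
    )
    conn.execute("INSERT INTO users VALUES ('alice', 'legacy-hash-blob', 'old')")
    conn.execute(
        "INSERT INTO users VALUES ('bob', ?, 'pbkdf2_sha256')",
        (hash_password("correct horse"),),
    )
    return conn


def retire_old_hashes(conn: sqlite3.Connection) -> int:
    """The query from the thread: old-scheme users lose their credential and must reset."""
    cur = conn.execute("UPDATE users SET password=NULL WHERE hashing_scheme='old'")
    return cur.rowcount


def login(conn: sqlite3.Connection, username: str, candidate: str) -> str:
    """Server-side outcome. Any status other than 'ok' is a denial; the message
    shown to the client should be a generic failure so account state is not leaked."""
    row = conn.execute(
        "SELECT password FROM users WHERE username=?", (username,)
    ).fetchone()
    if row is None:
        return "bad_credentials"
    stored = row[0]
    # The check the thread calls for: a NULLed or empty hash must not let anyone
    # in, with an empty password or otherwise. Route the user to password reset.
    if stored is None or stored == "":
        return "reset_required"
    return "ok" if verify_password(stored, candidate) else "bad_credentials"


if __name__ == "__main__":
    db = make_db()
    print("rows nulled:", retire_old_hashes(db))
    for user, pw in (("alice", ""), ("alice", "legacy-hash-blob"), ("bob", "correct horse"), ("bob", "")):
        print(user, repr(pw), "->", login(db, user, pw))
```

The important property is that `verify_password` treats "no stored hash" as a distinct, always-failing case rather than hashing the candidate and comparing it against NULL or "" (where a loosely typed comparison could succeed), and that `login` checks for that state before calling it at all.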


Wow, ouch.



