On 10/07/2009, at 10:15 PM, Julian Muscat Doublesin wrote:
> I have spent quite some time researching the internet for ways to pass
> encrypted passwords to MySQL Database Server.
> Encrypting user passwords for a website that's not the issue. The
> issue is. All content management systems make use of a configuration
> These files store vital data such as the database server address,
> and password. I would like to find out if it is possible to give the
> database server an encrypted password, MD5.
When you think about it further, you'll realise that the point is
fairly moot: if you create an MD5 or SHA1 from a password as a one-off
operation, and use that, then that is effectively your password and
that's as such no more secure than the original password, if someone
were to get their hands on the config file.
Your web app needs to have access to a db, so if anyone hacks the web
app (or the server it runs on), then by definition you may presume
they'll have the same access. That's just a fact. You can add some
obscurity to it, but the fact remains.
Arjen Lentz, Director @ Open Query (http://openquery.com)
Exceptional Services for MySQL at a fixed budget.
Follow our blog at http://openquery.com/blog/
OurDelta: free enhanced builds for MySQL @ http://ourdelta.org