From: Arjen Lentz
Date: July 11 2009 12:47pm
Subject: Re: Encrypt Server Password
List-Archive: http://lists.mysql.com/community/341
Message-Id: <1CF1F62A-3FEA-4300-BAA4-43E65529AC46@lentz.com.au>
MIME-Version: 1.0 (Apple Message framework v935.3)
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit

Hi Julian

On 10/07/2009, at 10:15 PM, Julian Muscat Doublesin wrote:
> I have spent quite some time researching the internet for ways to pass
> encrypted passwords to MySQL Database Server.
>
> Encrypting user passwords for a website that's not the issue. The  
> actual
> issue is. All content management systems make use of a configuration  
> file.
> These files store vital data such as the database server address,  
> username
> and password. I would like to find out if it is possible to give the
> database server an encrypted password, MD5.


When you think about it further, you'll realise that the point is  
fairly moot: if you create an MD5 or SHA1 from a password as a one-off  
operation, and use that, then that is effectively your password and  
that's as such no more secure than the original password, if someone  
were to get their hands on the config file.

Your web app needs to have access to a db, so if anyone hacks the web  
app (or the server it runs on), then by definition you may presume  
they'll have the same access. That's just a fact. You can add some  
obscurity to it, but the fact remains.


Cheers,
Arjen.
-- 
Arjen Lentz, Director @ Open Query (http://openquery.com)
Exceptional Services for MySQL at a fixed budget.

Follow our blog at http://openquery.com/blog/
OurDelta: free enhanced builds for MySQL @ http://ourdelta.org