List:General Discussion« Previous MessageNext Message »
From:Daniel Kiss Date:August 29 2002 5:15am
Subject:Re: mysql password ( )
View as plain text  
Securest? Yes, maybe. But first of all the security of a web site does not 
depend on the password encoding system (PASSWORD or MD5) you use in the 
MySQL database. (I mean firewalls, good OS, so on.)

At 00:32 2002.08.29. -0400, you wrote:
>so md5 would be the securest way to handle password security for a website?
>
>
>Randy
>----- Original Message -----
>From: "Daniel Kiss" <niel@stripped>
>To: <mysql@stripped>
>Sent: Thursday, August 29, 2002 12:19 AM
>Subject: Re: mysql password ( )
>
>
> > Hi,
> >
> > The password() function is a "one way encoder". In other words it just
> > generates some kind of checksum of the input parameter.
> > So you cannot decrypt them, but it is much safer than encrypting and
> > decrypting strings, because even the attacker cannot decrypt them. :-)
> >
> > You can use it this way for example:
> >
> > Let's say my password is: abcdef
> >
> > Password('abcdef') -> 0bc7a0b7062090d5 (You must store this checksum in
>the
> > database.)
> >
> > When you want to check if the password entered by the user is correct, you
> > need to do this:
> >
> > The password entered by the user: abcdeg
> >
> > You call the password function:
> >
> > Password('abcdeg') -> 0bc7a2b806208ed6
> >
> > Compare the stored checksum and this one: NOT EQUAL -> entered password is
>bad
> >
> >
> > Notice that if there is only a small difference between the right and the
> > entered words the checksum will be different in many aspects. That's why
>it
> > is quite safe.
> >
> > But you can get better protecting if you use the MD5 function. It works
>the
> > same way than the password function, but generates 32 character long
> > checksum instead of 16.
> >
> >
> >
> > At 10:47 2002.08.28._ -0600, you wrote:
> > >I have used the mysql password(\"$pass \") function in the past to
>encrypt
> > >passwords into the db. but can not decrypt  them if needed. I know this
>is
> > >not something new.
> > >
> > >Is there a better way to protect passwords in the db and then decrypt
>them
> > >if needed ?
> > >
> > >Thanks
> > >
> > >Mark
> > >
> > >
> > >---------------------------------------------------------------------
> > >Before posting, please check:
> > >    http://www.mysql.com/manual.php  (the manual)
> > >    http://lists.mysql.com/          (the list archive)
> > >
> > >To request this thread, e-mail <mysql-thread118248@stripped>
> > >To unsubscribe, e-mail
><mysql-unsubscribe-niel=mailbox.hu@stripped>
> > >Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> >
> >
> > ---------------------------------------------------------------------
> > Before posting, please check:
> >    http://www.mysql.com/manual.php  (the manual)
> >    http://lists.mysql.com/          (the list archive)
> >
> > To request this thread, e-mail <mysql-thread118315@stripped>
> > To unsubscribe, e-mail
><mysql-unsubscribe-icgphp=icecoldgold.com@stripped>
> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
> >
>
>
>
>---------------------------------------------------------------------
>Before posting, please check:
>    http://www.mysql.com/manual.php  (the manual)
>    http://lists.mysql.com/          (the list archive)
>
>To request this thread, e-mail <mysql-thread118316@stripped>
>To unsubscribe, e-mail 
><mysql-unsubscribe-rudy.metzger=pareto.nl@stripped>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Thread
MS Access and mySQLJonathan Coleman28 Aug
  • RE: MS Access and mySQLBryant Hester28 Aug
    • RE: MS Access and mySQLNicholas Stuart28 Aug
      • RE: MS Access and mySQLRoger Davis28 Aug
        • RE: MS Access and mySQLNicholas Stuart28 Aug
        • Re: MS Access and mySQLGelu Gogancea28 Aug
  • mysql password ( )Mark Stringham28 Aug
    • Re: mysql password ( )lbelen28 Aug
    • Re: mysql password ( )Daniel Kiss29 Aug
  • Re: mysql password ( )Randy Johnson29 Aug
Re: MS Access and mySQLNicholas Stuart28 Aug
  • RE: MS Access and mySQLMary Stickney28 Aug
    • Re: MS Access and mySQLMark Matthews28 Aug
      • RE: MS Access and mySQLMary Stickney28 Aug
        • Re: RE: MS Access and mySQLEgor Egorov29 Aug
Re: MS Access and mySQLArthur Fuller28 Aug
  • Re: MS Access and mySQLNicholas Stuart29 Aug
Re: mysql password ( )Daniel Kiss29 Aug