List:General Discussion« Previous MessageNext Message »
From:Martin Ramsch Date:September 23 1999 7:04pm
Subject:Re: password comparisons
View as plain text  
On Thu, 1999-09-23 15:24:55 -0300, Alejandro Leonian wrote:
> lets suppose that i have a Users table with the following columns:
> FirstName,LastName and Password.
> 
> to add a new user i would do a :
> INSERT INTO Users
> VALUES(´Bill´,´Gates´,PASSWORD(´666´));
> 
> That would translate to :
> 
> +-----------+----------+------------------+
> | FirstName | LastName | Password         |
> +-----------+----------+------------------+
> | Bill      | Gates    | 76c839590cf2cbc8 |
> +-----------+----------+------------------+
> 
> Now, i want to make a login script (am using perl) that checks
> whether the username Bill matches the password inputed by the user.
[...]
> should i encrypt the password provided,insert it inside a temporal
> table,read from it and compare?

Very nearly: just compare the stored (encrypted) password with the
             encryption of the password provided!

   ... WHERE ... PASSWORD('input') = Users.Password

Regards,
  Martin
-- 
Martin Ramsch <m.ramsch@stripped> <URL: http://home.pages.de/~ramsch/ >
PGP KeyID=0xE8EF4F75 FiPr=52 44 5E F3 B0 B1 38 26  E4 EC 80 58 7B 31 3A D7
Thread
password comparisonsAlejandro Leonian23 Sep
  • Re: password comparisonsMartin Ramsch23 Sep
  • Re: password comparisonsGreg Patterson23 Sep