List: General Discussion
From: Greg Patterson
Date: September 23 1999 7:17pm
Subject: Re: password comparisons
On Thu, 23 Sep 1999, Alejandro Leonian wrote:

> INSERT INTO Users
> VALUES('Bill','Gates',PASSWORD('666'));
> Now, I want to make a login script (am using Perl) that checks whether the
> username Bill matches the password inputted by the user. But the user inputs
> his password UNencrypted... and the password in the database is ENcrypted!
> How am I supposed to make the comparison between the two? Is there any
> UNencrypt password function or something similar?
> Should I keep the passwords plain text?

No.

> Should I encrypt the password provided, insert it inside a temporal
> table, read from it and compare?

Given unencrypted user password passed from user to CGI script
as $password...

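# Have MySQL hash the supplied password; quote() escapes it for the SQL string
$sql = "select password(" . $dbh->quote($password) .
   ") as password";
$sth = $dbh->prepare($sql);   # prepare() returns a statement handle
$sth->execute();              # execute() is a method of that handle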

Get the result from the query (single record - very fast) and compare it
to the entry from your user file. You are comparing the encrypted
values on both sides of the condition.

================================================================
|    Greg Patterson      | EMAIL: gomer@stripped        |
|                        |        gomer@stripped              |
| Linux: The choice of a | IRC:   xed (Irc.OpenProjects.Net)   |
| GNU generation!        | WWW:   http://www.linuxhelp.org/    |
================================================================
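
The hash-both-sides comparison described in this reply, as an added example that is not part of the original message or of MySQL's own code. It assumes Python with an in-memory SQLite table instead of Perl and MySQL, and swaps PASSWORD() for salted PBKDF2-HMAC-SHA256; the column names, iteration count and helper names are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way salted hash; plays the role PASSWORD() has in the thread."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(db, username: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt, stored next to the hash
    db.execute(
        "INSERT INTO Users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )


def check_login(db, username: str, password: str) -> bool:
    # Bound parameter instead of string concatenation for the lookup.
    row = db.execute(
        "SELECT salt, pw_hash FROM Users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Unknown user: do the same hashing work so timing stays similar.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Hash the supplied password and compare hash to hash, in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo_db():
    """Constructed sample data: the user from the question above."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE Users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    create_user(db, "Bill", "666")
    return db


if __name__ == "__main__":
    db = demo_db()
    print(check_login(db, "Bill", "666"))   # correct password
    print(check_login(db, "Bill", "667"))   # wrong password
    print(check_login(db, "Steve", "666"))  # unknown user
```

The stored value is never reversed: the login path only re-derives the hash from the submitted password and the stored salt.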
