List:General Discussion« Previous MessageNext Message »
From:Ed Wang Date:August 24 2000 8:37pm
Subject:Re: Security alert: phpmyadmin
View as plain text  
Michael Widenius wrote:
> 
> The encrypted password is the real password in MySQL;  The password is
> only encrypted to not let one guess your real password;

Does this mean that when connecting to MySQL using perl (or even the
MySQL client) over a network, the following occurs?

  DBD::mysql first encrypts the password.
  It then sends the encrypted password to the MySQL server.
  The MySQL server compares it to the stored encrypted password.
  If they match, let the user in.

If so, couldn't someone sniff the packets and get the encrypted password
anyway?
	- Ed Wang

-- 
Software Engineer
ed@stripped
HomePage.com
Thread
How large a database can mySQL handle?Jeff Schwartz11 Mar
  • Re: How large a database can mySQL handle?Van12 Mar
    • Re: How large a database can mySQL handle?Michael Widenius12 Mar
  • Re: How large a database can mySQL handle?Henrique Pantarotto12 Mar
  • Re: How large a database can mySQL handle?David Sklar12 Mar
  • RE: How large a database can mySQL handle?Brett Error12 Mar
  • Re: Security alert: phpmyadminVan24 Aug
    • Re: Security alert: phpmyadminMichael Widenius28 Aug
  • Re: Security alert: phpmyadminTonu Samuel24 Aug
  • Re: Security alert: phpmyadminEd Wang24 Aug
  • Re: Security alert: phpmyadminRolf Hopkins25 Aug
    • Re: Security alert: phpmyadminBenjamin Pflugmann25 Aug
      • Re: Security alert: phpmyadminVan25 Aug
        • Re: Security alert: phpmyadminBenjamin Pflugmann25 Aug