List:General Discussion« Previous MessageNext Message »
From:Rolf Hopkins Date:August 25 2000 12:34am
Subject:Re: Security alert: phpmyadmin
View as plain text  

> Michael Widenius wrote:
> >
> > The encrypted password is the real password in MySQL;  The password is
> > only encrypted to not let one guess your real password;
>
> Does this mean that when connecting to MySQL using perl (or even the
> MySQL client) over a network, the following occurs?
>
>   DBD::mysql first encrypts the password.
>   It then sends the encrypted password to the MySQL server.
>   The MySQL server compares it to the stored encrypted password.
>   If they match, let the user in.
>
> If so, couldn't someone sniff the packets and get the encrypted password
> anyway?

I would have thought that the password would get sent to the mysql server
before being encrypted for comparison!!!

Cheers

Rolf

Thread
How large a database can mySQL handle?Jeff Schwartz11 Mar
  • Re: How large a database can mySQL handle?Van12 Mar
    • Re: How large a database can mySQL handle?Michael Widenius12 Mar
  • Re: How large a database can mySQL handle?Henrique Pantarotto12 Mar
  • Re: How large a database can mySQL handle?David Sklar12 Mar
  • RE: How large a database can mySQL handle?Brett Error12 Mar
  • Re: Security alert: phpmyadminVan24 Aug
    • Re: Security alert: phpmyadminMichael Widenius28 Aug
  • Re: Security alert: phpmyadminTonu Samuel24 Aug
  • Re: Security alert: phpmyadminEd Wang24 Aug
  • Re: Security alert: phpmyadminRolf Hopkins25 Aug
    • Re: Security alert: phpmyadminBenjamin Pflugmann25 Aug
      • Re: Security alert: phpmyadminVan25 Aug
        • Re: Security alert: phpmyadminBenjamin Pflugmann25 Aug