List: General Discussion
From: Benjamin Pflugmann
Date: August 25 2000 1:26pm
Subject: Re: Security alert: phpmyadmin
Hi.

On Thu, Aug 24, 2000 at 11:51:41PM -0400, vanboers@stripped wrote:
> On Fri, 25 Aug 2000, Benjamin Pflugmann wrote:
> 
> > Hi.
> > 
> > If I remember correctly from a former security discussion, the server
> > sends a challenge to the client (i.e. a random string) which gets
> > encrypted with the password as seed. The encrypted string is sent back
> > and verified by the server by proceeding the same procedure (as said,
> > the server can easily decrypt the locally stored password string).
> > 
> > So, no, the plain password should never be sent around.
> > 
> > Bye,
> > 
> >         Benjamin.
> Best I can tell, if the browser isn't sending the password encrypted, it's

You are absolutely correct.

I was talking about the connection mysql-client <-> mysql server.

> clear-text.  So, it can be sniffed.  Answer would be ssl, but, that forces
> a restriction on the client.
[...]

Bye,

        Benjamin.
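
The challenge-response idea described in the quoted message, as an added sketch that is not part of the original thread and is not MySQL's actual handshake. It assumes HMAC-SHA256 in place of the unspecified "encryption"; the names Server, stored_secret and client_response are hypothetical, and the password is a constructed sample.

```python
import hashlib
import hmac
import secrets


def stored_secret(password: str) -> bytes:
    """Value the server keeps instead of the plain password (assumed scheme).
    Note it is password-equivalent: whoever reads it can answer challenges."""
    return hashlib.sha256(password.encode()).digest()


def client_response(password: str, nonce: bytes) -> bytes:
    """Client side: key the MAC with the derived secret, never send the password."""
    return hmac.new(stored_secret(password), nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, password: str):
        self._secret = stored_secret(password)
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh random string per login
        return self._pending

    def verify(self, response: bytes) -> bool:
        nonce, self._pending = self._pending, None  # each challenge is single-use
        if nonce is None:
            return False
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo(password: str = "constructed-sample-password"):
    server = Server(password)
    nonce = server.challenge()
    response = client_response(password, nonce)
    wire = [nonce, response]                  # all a passive observer sees
    accepted = server.verify(response)
    server.challenge()                        # next login gets a new challenge
    stale_accepted = server.verify(response)  # old response no longer matches
    password_on_wire = any(password.encode() in msg for msg in wire)
    return accepted, stale_accepted, password_on_wire


if __name__ == "__main__":
    print(demo())
```

This only covers the client <-> server leg; a password typed into a web form over plain HTTP still crosses the network in clear text before any such exchange starts.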