| List: | General Discussion | « Previous MessageNext Message » | |
| From: | Benjamin Pflugmann | Date: | August 25 2000 1:26pm |
| Subject: | Re: Security alert: phpmyadmin | ||
| View as plain text | |||
Hi. On Thu, Aug 24, 2000 at 11:51:41PM -0400, vanboers@stripped wrote: > On Fri, 25 Aug 2000, Benjamin Pflugmann wrote: > > > Hi. > > > > If I remember correctly from a former security discussion, the server > > sends a challange to the client (i.e. a random string) which gets > > encrypted with the password as seed. The encrypted string is sent back > > and verified by the server by proceeding the same procedure (as said, > > the server can easily decrypt the locally stored password string). > > > > So, no, the plain password is should never been sent around. > > > > Bye, > > > > Benjamin. > Best I can tell, if the browser isn't sending the password encrypted, it's You are absolutely correct. I was talking about the connection mysql-client <-> mysql server. > clear-text. So, it can be sniffed. Answer would be ssl, but, that forces > a restriction on the client. [...] Bye, Benjamin.
| Thread | ||
|---|---|---|
| • How large a database can mySQL handle? | Jeff Schwartz | 11 Mar |
| • Re: How large a database can mySQL handle? | Van | 12 Mar |
| • Re: How large a database can mySQL handle? | Michael Widenius | 12 Mar |
| • Re: How large a database can mySQL handle? | Henrique Pantarotto | 12 Mar |
| • Re: How large a database can mySQL handle? | David Sklar | 12 Mar |
| • RE: How large a database can mySQL handle? | Brett Error | 12 Mar |
| • Re: Security alert: phpmyadmin | Van | 24 Aug |
| • Re: Security alert: phpmyadmin | Michael Widenius | 28 Aug |
| • Re: Security alert: phpmyadmin | Tonu Samuel | 24 Aug |
| • Re: Security alert: phpmyadmin | Ed Wang | 24 Aug |
| • Re: Security alert: phpmyadmin | Rolf Hopkins | 25 Aug |
| • Re: Security alert: phpmyadmin | Benjamin Pflugmann | 25 Aug |
| • Re: Security alert: phpmyadmin | Van | 25 Aug |
| • Re: Security alert: phpmyadmin | Benjamin Pflugmann | 25 Aug |