Yes.
1. Read the manual sections concerning setting up new accounts with special emphasis on
passwords.
2. When you thoroughly understand those matters, take the issue to the system
administrator and/or management.
hth,
Doug
Only two things are infinite, the universe and human stupidity, and I'm not sure about the
former.
-- Albert Einstein
On Wed, 12 Dec 2001 15:55:04 -0700, James McLaughlin wrote:
>The new programmer for our company is not using the dataType "password" or
>any encryption what so ever for our user accounts (accounts that our
>customers use for getting into our system) in our database.
>
>Instead he is using the VarChar dataType.
>
>Can someone explain to me how I can exploit this and show them it is very
>dangerous.
>
>
>
>Thanks
>
>James
>
>---------------------------------------------------------------------
>Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
>To request this thread, e-mail <mysql-thread93820@stripped>
>To unsubscribe, e-mail
> <mysql-unsubscribe-dthompson=brickbarn.com@stripped>
>Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
