Are the databases under the same database engine instance?  If they are, it's
not a problem, as the password is in the system table users and you can grant
access for that user to various databases in the system table database.  To
use the encrypted password field, use the password('password') function
supplied by the MySQL library.  It only encrypts your password string, but
it will let you do a compare of the strings.

Hope this helps.
Joe

-----Original Message-----
From: Cees Hek [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 11:29 AM
To: Martin Moss
Cc: Modperl
Subject: Re: mysql password encryption

Quoting Martin Moss <[EMAIL PROTECTED]>:

> All,
>
> I wish to let a user use the same password for them to authenticate to a
> multitude of mysql Databases AND to authenticate themselves on my modperl
> site.
> The problem I have is that I store the password in the database as a
> Password field. However when I wish to use DBI to connect to another mysql
> database I cannot use the Password stored in the database as it comes out
> encrypted.  I really don't want to store the unencrypted password anywhere
> on the system. Is there a way to let DBI/mysql know that the password I am
> giving them is ALREADY encrypted?

A feature like that would defeat the purpose of encrypting the password in
the first place.  The point of encrypting the password is so that if someone
gets their hands on the password list, they can not use the encrypted
password to access the system.  They would have to crack the passwords first
before using them to access the system.

By allowing someone to access the system with an already encrypted password,
then your passwords might as well not be encrypted at all.

Since you are using MySQL, have you looked at using the
mysql_read_default_file option to store your password in a config file?
Using a DSN like the following allows you to keep the username and password
in a config file.  Check the DBD::mysql perldocs for more info, and the MySQL
docs for all the parameters you can put in such a file.

DBI:mysql:test;mysql_read_default_file=/etc/mysql/test.my.conf

and in /etc/mysql/test.my.conf

[client]
user = www
password = thebigsecretpassword

Then protect the file:

chown www /etc/mysql/test.my.conf
chmod 400 /etc/mysql/test.my.conf

You still have the password in plain text, but it is readable only by root
and the user that runs the webserver.  You can use this to connect to
multiple MySQL servers as long as the access tokens are the same on all
servers.

Cees
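
Added example, not part of the original thread: a POSIX shell check that an option file like the one in Cees's message is owned by the expected user, grants nothing to group or other, and keeps a password entry under [client]. The function name check_mysql_cnf and its exit codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; check_mysql_cnf is a hypothetical helper name.
# Usage: check_mysql_cnf FILE OWNER   (OWNER is a user name or numeric uid)
# Returns 0 only when the file matches the chown/chmod 400 setup above.
check_mysql_cnf() {
    f=$1; want=$2; rc=0

    # A symlink could be repointed at another file, so refuse it outright.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"; return 2
    fi
    case $want in
        *[!0-9]*) want_uid=$(id -u "$want" 2>/dev/null) || {
                      echo "FAIL: unknown user $want"; return 2; } ;;
        *)        want_uid=$want ;;
    esac

    # Field 1 of `ls -ln` is the mode string, field 3 the numeric owner.
    set -f; set -- $(ls -ln -- "$f"); set +f
    mode=$1; owner_uid=$3

    if [ "$owner_uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $owner_uid, expected $want_uid"; rc=1
    fi
    # Characters 5-10 are the group and other bits; chmod 400 clears them all.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: mode $mode grants group or other access"; rc=1
    fi
    # chmod 400 also leaves the owner with read-only access.
    if [ "$(printf '%s' "$mode" | cut -c2-4)" != "r--" ]; then
        echo "WARN: owner bits in $mode differ from r-- (chmod 400)"
    fi

    # The page's file keeps user and password under the [client] group.
    if ! awk '
        /^[ \t]*\[/ { in_client = ($0 ~ /^[ \t]*\[client\][ \t]*$/); next }
        in_client && /^[ \t]*password[ \t]*=/ { found = 1 }
        END { exit !found }' "$f"; then
        echo "FAIL: no password entry under [client]"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $f"
    return "$rc"
}
```

Called as `check_mysql_cnf /etc/mysql/test.my.conf www`, it can gate a deploy step or a periodic audit so that a later chmod or a restored backup with looser permissions is caught.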