Cheers for all your help, I realised that I didn't need to worry about decrypting the passwords as I can use the encrypted password with GRANT. so it solved my problem. I guess I'll have to group my grants by table rather than permission though.
Regards Marty ----- Original Message ----- From: "Joe Palladino" <[EMAIL PROTECTED]> To: "Cees Hek" <[EMAIL PROTECTED]>; "Martin Moss" <[EMAIL PROTECTED]> Cc: "Modperl" <[EMAIL PROTECTED]> Sent: Thursday, January 23, 2003 3:44 PM Subject: RE: mysql password encryption > Are the databases under the same database engine instance? If they are its > not a problem as the password is the system table users and you can grant > access for that user to various databases in the system table database. To > use the encrypted password field, use the password('password') function > supplied by the MySQL library. It only encrypts your password string, but > it will let you do a compare of the strings. > > Hope this helps. > Joe > > -----Original Message----- > From: Cees Hek [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 22, 2003 11:29 AM > To: Martin Moss > Cc: Modperl > Subject: Re: mysql password encryption > > Quoting Martin Moss <[EMAIL PROTECTED]>: > > > All, > > > > I wish to let a user use the same password for them to authenticate to a > > multitude of mysql Databases AND to authenticate themselves on my modperl > > site. > > the problem I have is that I store the password in the database as a > > Password field. However when I wish to use DBI to connect to another mysql > > database I cannot use the Password stored in the database as it comes out > > encrypted. I really don't want to store the unencrypted password anywhere > > on the system. Is there a way to let DBI/mysql know that the password I am > > giving them is ALREADY encrypted? > > A feature like that would defeat the purpose of encrypting the password in > the > first place. The point of encrypting the password is so that if someone > gets > their hands on the password list, they can not use the encrypted password to > access the system. They would have to crack the passwords first before > using > them to access the system. > > By allowing someone to access the system with an already encrypted password, > then your passwords might as well not be encrypted at all. > > Since you are using MySQL, have you looked at using the > mysql_read_default_file > option to store your password in a config file? Using a DSN like the > following > allows you to keep the username and password in a config file. Check the > DBD::mysql perldocs for more info, and the MySQL docs for all the parameters > you > can put in such a file. > > DBI:mysql:test;mysql_read_default_file=/etc/mysql/test.my.conf > > and in /etc/mysql/test.my.conf > > [client] > user = www > password = thebigsecretpassword > > Then protect the file: > > chown www /etc/mysql/test.my.conf > chmod 400 /etc/mysql/test.my.conf > > You still have the password in plain text, but it is readable only by root > and > the user that runs the webserver. You can use this to connect to multiple > MySQL > servers as long as the access tokens are the same on all servers. > > Cees > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003 > >