Cheers for all your help,
I realised that I didn't need to worry about decrypting the passwords as I
can use the encrypted password with GRANT. so it solved my problem.
I guess I'll have to group my grants by table rather than permission though.
Regards
Marty
----- Original Message -----
From: "Joe Palladino" <[EMAIL PROTECTED]>
To: "Cees Hek" <[EMAIL PROTECTED]>; "Martin Moss"
<[EMAIL PROTECTED]>
Cc: "Modperl" <[EMAIL PROTECTED]>
Sent: Thursday, January 23, 2003 3:44 PM
Subject: RE: mysql password encryption
> Are the databases under the same database engine instance? If they are
its
> not a problem as the password is the system table users and you can grant
> access for that user to various databases in the system table database.
To
> use the encrypted password field, use the password('password') function
> supplied by the MySQL library. It only encrypts your password string, but
> it will let you do a compare of the strings.
>
> Hope this helps.
> Joe
>
> -----Original Message-----
> From: Cees Hek [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 22, 2003 11:29 AM
> To: Martin Moss
> Cc: Modperl
> Subject: Re: mysql password encryption
>
> Quoting Martin Moss <[EMAIL PROTECTED]>:
>
> > All,
> >
> > I wish to let a user use the same password for them to authenticate to a
> > multitude of mysql Databases AND to authenticate themselves on my
modperl
> > site.
> > the problem I have is that I store the password in the database as a
> > Password field. However when I wish to use DBI to connect to another
mysql
> > database I cannot use the Password stored in the database as it comes
out
> > encrypted. I really don't want to store the unencrypted password
anywhere
> > on the system. Is there a way to let DBI/mysql know that the password I
am
> > giving them is ALREADY encrypted?
>
> A feature like that would defeat the purpose of encrypting the password in
> the
> first place. The point of encrypting the password is so that if someone
> gets
> their hands on the password list, they can not use the encrypted password
to
> access the system. They would have to crack the passwords first before
> using
> them to access the system.
>
> By allowing someone to access the system with an already encrypted
password,
> then your passwords might as well not be encrypted at all.
>
> Since you are using MySQL, have you looked at using the
> mysql_read_default_file
> option to store your password in a config file? Using a DSN like the
> following
> allows you to keep the username and password in a config file. Check the
> DBD::mysql perldocs for more info, and the MySQL docs for all the
parameters
> you
> can put in such a file.
>
> DBI:mysql:test;mysql_read_default_file=/etc/mysql/test.my.conf
>
> and in /etc/mysql/test.my.conf
>
> [client]
> user = www
> password = thebigsecretpassword
>
> Then protect the file:
>
> chown www /etc/mysql/test.my.conf
> chmod 400 /etc/mysql/test.my.conf
>
> You still have the password in plain text, but it is readable only by root
> and
> the user that runs the webserver. You can use this to connect to multiple
> MySQL
> servers as long as the access tokens are the same on all servers.
>
> Cees
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003
>
>
