For passwords it is good to use the sql function password(). This is done
like this:
to insert:
insert into users ('username1234', password('userspassword') );
to load
select * from users where username='username1234' AND
password=password('userspassword')
Hope this helps.
ryan
> Hi,
>
> > > > So where does mysql get its salt from? Is it a random salt?
> > This confused the hell our of me for around an hour!
>
> > > You should look MySQL manual not C crypt manpage ;). And yes, this is
> > > random salt and makes life little bit more secure.
>
> > Ok, so you can obtain a random result (thought that was what random()
> > was for), but still cannot understand how this could be usefull.
>
> If you take another look at the man page for the crypt() system call,
you'll
> notice that it says that "the first two characters represent the salt
> itself" when mentioning what constitutes the returned value.
>
> So, given this, you can consistently re-encrypt a string to compare
against
> the original by taking the first two characters and using them as the
salt.
> The example below demonstrates this.
>
> mysql> select encrypt('blahblah');
> +---------------------+
> | encrypt('blahblah') |
> +---------------------+
> | IIRggo.uD7.Xk |
> +---------------------+
> 1 row in set (0.00 sec)
>
> mysql> select encrypt('blahblah', 'II');
> +---------------------------+
> | encrypt('blahblah', 'II') |
> +---------------------------+
> | IIRggo.uD7.Xk |
> +---------------------------+
> 1 row in set (0.00 sec)
>
> > I use
> > encrypt to store password info in a database, but how do you compare the
> > user entered password with the one in the database if the results vary
> > the whole time? Please give me an application for this behaviour and I
> > will be happy :-)
>
> In your case, when comparing the password the user has entered against
what
> is in the database (an encrypted value) you first need to get the first
two
> characters of what is already in the database for that user. Something
along
> the lines of this should do the trick:
>
> SELECT * FROM users_table WHERE username = 'johndoe' AND passwd =
> ENCRYPT('secretpasswd', LEFT(passwd, 2));
>
> Regards,
>
> Basil Hussain
> ---------------------------------------
> Internet Developer, Kodak Weddings
> E-Mail: [EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
> http://www.mysql.com/manual.php (the manual)
> http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
