http://www.mysql.com/doc/U/s/User_names.html
says:
>>>
MySQL encrypts passwords using a different algorithm than the one used
during the Unix login process. See the descriptions of the PASSWORD() and
ENCRYPT() functions in section 6.4.12 Miscellaneous Functions. Note
that even if the password is stored 'scrambled', and knowing your
'scrambled'
password is enough to be able to connect to the MySQL server!
>>>
How is that possible? Even if you do know someone's scrambled password,
when you connect to the MySQL server pretending to be that user, it will
ask you for their non-scrambled password. After you type it in, the server
will scramble it and check that the scrambled value matches the scrambled
value stored in the database -- but you can't intercept that part of the
process and insert the "known scrambled" password to be checked.
-Bennett
[EMAIL PROTECTED] http://www.peacefire.org
(425) 649 9024
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
