> How is that possible? Even if you do know someone's scrambled password,
> when you connect to the MySQL server pretending to be that user, it will
> ask you for their non-scrambled password. After you type it in,
> the server will scramble it and check that the scrambled value matches
> the scrambled value stored in the database -- but you can't intercept
> that part of the process and insert the "known scrambled" password to
> be checked.
It's called bruteforcing... knowing the scrambled password, you can encrypt
every possible password and compare it to the scrambled password to find the
original password.
Either that or the scrambled password is encrypted by the client then sent
for comparison, but I doubt it.
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
