it's not all that dangerous.  it just means that you can read your users'
passwords.  anyone who can read that db table can become any of your
users.  password fields are just another safeguard against a "just in case
someone gets read access to this" scenario.  they also serve to provide
more privacy to your users.  re: some of your users may not want you / the
admins of whatever service you're providing being able to read their
passwords.

but maybe you want to be able to read your users' passwords, for testing
purposes or whatever.

-tcl.


On Wed, 12 Dec 2001, James McLaughlin wrote:

> The new programmer for our company is not using the dataType "password" or
> any encryption whatsoever for our user accounts (accounts that our
> customers use for getting into our system) in our database.
>
> Instead he is using the VarChar dataType.
>
> Can someone explain to me how I can exploit this and show them it is very
> dangerous.  
>
>
>
> Thanks
>
> James
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>
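
An added example, not part of the original thread: the same account stored once in a plain VARCHAR column and once as a per-user salt plus PBKDF2 digest, to show what read access to each table reveals and that login checks still work without the stored password. SQLite stands in for MySQL, and the table names, column names, iteration count and sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune for your hardware
TABLES = ("users_plain", "users_hashed")  # hypothetical table names

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (name TEXT PRIMARY KEY, password VARCHAR(64))")
    db.execute("CREATE TABLE users_hashed (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def add_user(db, name, password):
    # Weak form: the password itself sits in the row.
    db.execute("INSERT INTO users_plain VALUES (?, ?)", (name, password))
    # Hardened form: only a random per-user salt and the derived digest are stored.
    salt = os.urandom(16)
    db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)", (name, salt, derive(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users_hashed WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(derive(password, salt), stored)

def exposes_password(db, table, password):
    """True if anyone who can SELECT from `table` can read `password` directly."""
    if table not in TABLES:
        raise ValueError(table)
    needle = password.encode()
    for row in db.execute(f"SELECT * FROM {table}"):
        for col in row:
            data = col if isinstance(col, bytes) else str(col).encode()
            if needle in data:
                return True
    return False

if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", "correct horse")  # constructed sample account
    for t in TABLES:
        print(t, "exposes password:", exposes_password(db, t, "correct horse"))
    print("login still works:", verify(db, "alice", "correct horse"))
```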

