> It's only dangerous if a customer can trick your web frontend 
> into displaying the output of "SELECT * FROM USERS", for 
> example.  If the frontend only uses hardcoded queries, or 
> quotes every user-supplied parameter, there's no problem.  In 
> fact, you need the password in plaintext to support a "I 
> forgot my password; email it to me" feature.

To explain further, MySQL account passwords are encrypted using the
(one-way) password function. This works in a similar way to the UNIX
passwd file so that people who do have access to the mysql.user table
(possibly through a read-only backup account or whatever) can't (without
a lot of effort) get any unencrypted passwords back, so they can't log
in to the database as another user.

You could use PASSWORD to encrypt passwords for user accounts in your
database app if there is any chance that unauthorised people could
access the table, otherwise it is not necessary. (Plus there is the
issue of staff turnover mentioned earlier).

As a side note, absolutely *all* user-supplied parameters should be
verified. Sure, you can quote, but what if a user parameter includes
something like

abc"; delete from customers; .....

The quote has been closed, and then the user can do anything he likes.
You also need to scan the user input for special characters like " and
then escape them (\"), something which PHP will do for you (if you have
it configured that way).


Cheers,
from Duncan


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php