At 12:07 PM -0500 8/11/02, Paul DuBois wrote:
>If you write the query like that, yes, it will use a complete scan.
>But you could also use
>
>... AND LoginPassword = ENCODE($PasswordEntered,'MySalt')
>
>which doesn't perform a calculation on the LoginPassword column and thus
>can use an index.  This is similar to your query below, but I think you
>want ENCODE(), not DECODE(), since you're storing encrypted strings.


Thank you Paul for the clarification.


At 5:30 PM +0100 8/11/02, Mike Hall wrote:
>An easier (and more secure) way, surely, is to use one-way encryption... and
>if a user forgets his/her password, replace it with a random alphanumeric
>string and mail that to them instead with instructions to change it to one
>of their own choosing as soon as possible.


I will consider this option since I have just learned that Encode 
cannot be used since it stores the value as binary. Another 
application that uses the database apparently cannot work with this 
binary value.

In addition, I would rather not use MySQL 4 until it is beta (at 
least) and so will have to wait to use AES_ENCRYPT() and 
AES_DECRYPT(), but would this be my solution if I was using MySQL 4?

In conclusion, there is no reversible encryption available in MySQL 
3.+ that can be stored as a text string(?)

-- 
Michael
__
||| Michael Collins       |||
||| Kuwago Inc            |||      mailto:[EMAIL PROTECTED]
||| Seattle, WA, USA      |||      http://www.lassodev.com
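
The one-way approach suggested in the thread, as an added example that is not part of the original e-mails: a salted one-way hash stored as a plain text string (so a binary column is not needed) plus the random alphanumeric reset. PBKDF2-HMAC-SHA256, the record layout and the function names are assumptions of this sketch; the thread names no algorithm.

```python
import hashlib
import hmac
import secrets
import string

# Assumed parameters for this sketch; tune the iteration count for your hardware.
ITERATIONS = 200_000
ALPHABET = string.ascii_letters + string.digits


def hash_password(password, salt=None):
    """Return a text record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = secrets.token_bytes(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or tampered record
    return hmac.compare_digest(digest, expected)


def reset_password(length=12):
    """Generate a random alphanumeric temporary password and its stored record.

    The plaintext is returned once so it can be mailed to the user; only the
    record is written to the LoginPassword column.
    """
    temporary = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return temporary, hash_password(temporary)
```

Because each record carries its own random salt, the login check fetches the row by user name and verifies in the application, rather than comparing the password column inside the WHERE clause.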
