Steven Kreuzer wrote:
>http://www.stunnel.org/examples/mysql.html
>
>SK
>
>mysql, sql, query
>
>On Thursday, September 26, 2002, at 12:40 PM, John Holmes wrote:
>
>
>
>>>I am connecting to a mysql server on a remote machine, and opened up
>>>
>>>
>>port
>>
>>
>>>3306 for this purpose. But, I am concerned about sending a clear text
>>>password, via the mysql_pconnect() call. My question is, what is the
>>>procedure for connecting to a remote server with an encrypted
>>>
>>>
>>password?
>>
>>
>>>Or, does mysql_pconnect handle this?
>>>
>>>
>>Nope, it's all in the clear. MySQL 4.0 has support for doing this over
>>SSL, I think.
>>
Actually, the password is never sent, in-the-clear or otherwise with
MySQL. It's a challenge-response scheme based on a token the server
gives the client on connect, and a hash of that token together with the
password is sent back to the server. Only if both parties know the
password, is the hash correct, and authentication is successful. In no
case does the password actually travel over the wire.
-Mark
--
For technical support contracts, visit https://order.mysql.com/?ref=mmma
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mark Matthews <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, Full-Time Developer - JDBC/Java
/_/ /_/\_, /___/\___\_\___/ Flossmoor (Chicago), IL USA
<___/ www.mysql.com
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
