Point well taken. I will do remotes that way.
Curtis
On Sun, 16 Feb 2003, Michael T. Babcock wrote:
> Curtis Maurand wrote:
>
> >need to encrypt data and then retrieve it later (credit card data). I could
> >probably pass it through and md5 or des function via openssl I suppose and
> >then store it. Perl and PHP both have functions to handle that.
> >
> >
>
> Just to be a security nut, you shouldn't use the encryption functions in
> MySQL at all unless you're always connecting (guaranteed) to the server
> as localhost (and always will be). You should always do your
> encryption/decryption/hashing in your program and then do the queries
> based on that data. Download a copy of mcrypt and mhash and you'll see
> that they're quite easy to use. openssl is another option if you feel
> so inclined.
>
> For example:
>
> $pass = "...";
> $pass_md5 = md5sum($pass);
> mysql_query('update users set password = "$pass_md5" where id = $id');
>
> or
>
> $res = mysql_query('select password from users where id = $id');
> $row = mysql_fetch_array($res);
> if ($row['password'] != $pass_md5) die("Bad password");
>
> This way, the data going over the MySQL link is already secure before it
> goes over your network or leaves your program.
>
>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
