2003年 8月 14日 木曜日 12:50、Nils Valentin さんは書きました: > Hi Steven, > > while the general idea sounds not to bad, I guess the "bad guess" would
I meant the "bad guys" - what a silly typo ;-) > just use a undecrypt function wich they either develop themself or get from > somewhere. Best regards Nils Valentin Tokyo/Japan > > 2003年 8月 14日 木曜日 03:07、Lefevre, Steven さんは書きました: > > Hey folks - > > > > While contemplating the design of a secure web database, an idea struck > > me. I'm thinking of submitting it as a feature request, so please > > critique it. > > > > I'm having php handle user logon with it's .htaccess emulation. I'm > > storing usernames and password hashes in a table. The problem is that php > > needs to open MySQL with *some user* with *some permission*, just to read > > the user table and check the password. So, It seems that I have to store > > the password plaintext somewhere in some php file. > > > > (I asked the list about this earlier and several others had great > > suggestions on how to hide this plain-text password -- Thanks Rob! -- > > but, can we make it better?) > > > > So if some wily hacker were to get the contents of this php file, s/he > > would get a username and password for the database. Now of course, I'm > > only going to give this user permission to read the user database, and > > all the passwords are hashed... but : > > > > I propose a new permission that I will call MD5read. It's like select, > > only it just returns hashes. > > > > > > So, say you do something like: > > > > SELECT password FROM user; > > > > 49726b60ccbf03d6c619632e1d5555b6 > > f8ec2c9d79b5f969a96be968e7152bbd > > > > > > SELECT username, password FROM user; > > > > 24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa > > 1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b > > > > > > SELECT username+password+somethingelse FROM user; > > > > 49726b60ccbf03d6c619632e1d5555b6 > > f8ec2c9d79b5f969a96be968e7152bbd > > > > > > > > So that way, if someone gets the username/password for this user, they > > can't get any data off of the database. > > > > One thing you have to watch is that you don't use the md5 function for a > > user that has only md5read permission, because that would double-hash it, > > and whatever you're checking would fail. > > > > I know you can do > > SELECT md5(username), md5(password) FROM user > > (or whatever the syntax is), but the user doing that has to have read > > permission already. So if a hacker gets that username and password, they > > are probably not going to hash data they are trying to get out of the > > database. > > > > I would feel safe storing a user's name and password in a plain text php > > script if they had only this permission. > > > > Is this useful? Are there any flaws in my reasoning? > > -- > --- > Valentin Nils > Internet Technology > > E-Mail: [EMAIL PROTECTED] > URL: http://www.knowd.co.jp > Personal URL: http://www.knowd.co.jp/staff/nils -- --- Valentin Nils Internet Technology E-Mail: [EMAIL PROTECTED] URL: http://www.knowd.co.jp Personal URL: http://www.knowd.co.jp/staff/nils -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
