Hi Steven, while the general idea sounds not to bad, I guess the "bad guess" would just use a undecrypt function wich they either develop themself or get from somewhere.
Best regards Nils Valentin Tokyo/Japan 2003年 8月 14日 木曜日 03:07、Lefevre, Steven さんは書きました: > Hey folks - > > While contemplating the design of a secure web database, an idea struck me. > I'm thinking of submitting it as a feature request, so please critique it. > > I'm having php handle user logon with it's .htaccess emulation. I'm storing > usernames and password hashes in a table. The problem is that php needs to > open MySQL with *some user* with *some permission*, just to read the user > table and check the password. So, It seems that I have to store the > password plaintext somewhere in some php file. > > (I asked the list about this earlier and several others had great > suggestions on how to hide this plain-text password -- Thanks Rob! -- but, > can we make it better?) > > So if some wily hacker were to get the contents of this php file, s/he > would get a username and password for the database. Now of course, I'm only > going to give this user permission to read the user database, and all the > passwords are hashed... but : > > I propose a new permission that I will call MD5read. It's like select, only > it just returns hashes. > > > So, say you do something like: > > SELECT password FROM user; > > 49726b60ccbf03d6c619632e1d5555b6 > f8ec2c9d79b5f969a96be968e7152bbd > > > SELECT username, password FROM user; > > 24424b444b80831b677594a238f81dd9 | 4549625d8275b97b9b4f9662f1c550fa > 1e5143d05b327f7d3cce15f9e3e44ad2 | fe3b4b388a69ceed38d6a0066e6a221b > > > SELECT username+password+somethingelse FROM user; > > 49726b60ccbf03d6c619632e1d5555b6 > f8ec2c9d79b5f969a96be968e7152bbd > > > > So that way, if someone gets the username/password for this user, they > can't get any data off of the database. > > One thing you have to watch is that you don't use the md5 function for a > user that has only md5read permission, because that would double-hash it, > and whatever you're checking would fail. > > I know you can do > SELECT md5(username), md5(password) FROM user > (or whatever the syntax is), but the user doing that has to have read > permission already. So if a hacker gets that username and password, they > are probably not going to hash data they are trying to get out of the > database. > > I would feel safe storing a user's name and password in a plain text php > script if they had only this permission. > > Is this useful? Are there any flaws in my reasoning? -- --- Valentin Nils Internet Technology E-Mail: [EMAIL PROTECTED] URL: http://www.knowd.co.jp Personal URL: http://www.knowd.co.jp/staff/nils -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
