Re: Password storage
On 8/18/07, C K <[EMAIL PROTECTED]> wrote: > Friends, > I have one question - How to store passwords in MySQL database table in a > secure way so that no one can see the password(understand the password > string)? It is considered bad security practice to store passwords using reversible encryption. The issue is that users tend to choose the same passwords across different computing systems, as well as personal e-mail and banking accounts. The most common method is to keep a string, known only to the server, that is used to help generate the MD5 or SHA1 hash actually stored. The stored value is then generated using something like: MD5(CONCAT(server_string, user_password, server_string)) In order to be able to mount some kind of an attack other than brute force, an attacker would need to also have the server_string. The disadvantage of using only the user password for the MD5 is that it lends itself to a dictionary attack. So, a bit of randomness thrown in is helpful. http://en.wikipedia.org/wiki/Dictionary_attack As another poster pointed out, the probability of two different passwords having the same hash is remote. Using the SHA1 (160 bits) as an example, and assuming about 64 different characters (6 bits) available for passwords, the SHA1 is about 26 characters of information. Remote. Dave.
Re: Query cache problem with stored procedures
Hi, Your questions are answered in the manual: http://dev.mysql.com/doc/refman/5.0/en/query-cache-how.html It is a known limitation. Edoardo Serra wrote: Hi all, I'm benchmarking performance improvement with MySQL Query Cache turned on but I'm facing some problem with queries inside stored procedures when they contains variable parameters I just created this stored procedure to identify the problem CREATE PROCEDURE `proc_test_qcache`(IN mailbox_number VARCHAR(64)) READS SQL DATA DETERMINISTIC BEGIN SELECT password FROM users WHERE mailbox = mailbox_number; END I see, looking at Qcache status, that calls to that stored procedure are not cached. Is it a known limitation ? I think that MySQL should evaluate caching after variable substitution but I'm not aware of MySQL internals to judge if this is the correct behaviour. P.S: I noticed that MySQL caches without problems queries contained in stored procedures which does not contains variables. Tnx in advance for help Regards Edoardo Serra WeBRainstorm S.r.l. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Query cache problem with stored procedures
Hi all, I'm benchmarking performance improvement with MySQL Query Cache turned on but I'm facing some problem with queries inside stored procedures when they contains variable parameters I just created this stored procedure to identify the problem CREATE PROCEDURE `proc_test_qcache`(IN mailbox_number VARCHAR(64)) READS SQL DATA DETERMINISTIC BEGIN SELECT password FROM users WHERE mailbox = mailbox_number; END I see, looking at Qcache status, that calls to that stored procedure are not cached. Is it a known limitation ? I think that MySQL should evaluate caching after variable substitution but I'm not aware of MySQL internals to judge if this is the correct behaviour. P.S: I noticed that MySQL caches without problems queries contained in stored procedures which does not contains variables. Tnx in advance for help Regards Edoardo Serra WeBRainstorm S.r.l. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
