Re: Geting current user pasword.
On Thu, Jun 3, 2010 at 8:44 PM, Michael Dykman mdyk...@gmail.com wrote: address, there are privacy regulations which prohibit the practice. I fully agree with you, but as a matter of pedantry I would like to point out that the privacy regulations you speak of are not applicable outside of your part of the world :-) -- Bier met grenadyn Is als mosterd by den wyn Sy die't drinkt, is eene kwezel Hy die't drinkt, is ras een ezel
Geting current user pasword.
Hello, I need to get the user and password from the current session. I found the user() function, wich gets the username, is there anything like that to get the password ? Thx Guillermo __ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus 5170 (20100603) __ ESET NOD32 Antivirus ha comprobado este mensaje. http://www.eset.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Geting current user pasword.
In the last episode (Jun 03), Guillermo said: Hello, I need to get the user and password from the current session. I found the user() function, wich gets the username, is there anything like that to get the password ? Nope. I don't think the server even sees the password during authentication. It's all done with hashed versions. You'll probably have to cache the original password used to make the connection, if you need to use it again later. http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html -- Dan Nelson dnel...@allantgroup.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Geting current user pasword.
It goes strongly against best practices to store user passwords in the clear. If you are storing any personal information at all, information as trivial as the association as a name and an email address, there are privacy regulations which prohibit the practice. For some trivial app, with user buy-in, it *can* be done but there is rarely a good reason for it in my experience. - michael dykman On Thu, Jun 3, 2010 at 1:12 PM, Guillermo srguiller...@yahoo.com.ar wrote: Hello, I need to get the user and password from the current session. I found the user() function, wich gets the username, is there anything like that to get the password ? Thx Guillermo __ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus 5170 (20100603) __ ESET NOD32 Antivirus ha comprobado este mensaje. http://www.eset.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=mdyk...@gmail.com -- - michael dykman - mdyk...@gmail.com May the Source be with you. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: Geting current user pasword.
You mean the mysql password of the user? No, you can't get that, even the server can't get it, at least not the clear-text version. When you create/change your password an encrypted version is stored in the mysql.user table along with the hostname. If you have SELECT permission on that table, you can get the encrypted version. You could use that for some sort of separate authentication by encrypting a user-supplied password and comparing the 2 encrypted strings but you can't get the actual password. In other words, if the password is 'cat' you only see '*FD98809C60DD51B6B380DB17B72F9A9E2FE1928F in mysql.user. You could have code that checked a user-supplied password, like: if password(@pwd) = '*FD98809C60DD51B6B380DB17B72F9A9E2FE1928F' but that's it. Jim On Thu, Jun 3, 2010 at 12:12 PM, Guillermo srguiller...@yahoo.com.ar wrote: Hello, I need to get the user and password from the current session. I found the user() function, wich gets the username, is there anything like that to get the password ? Thx Guillermo __ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus 5170 (20100603) __ ESET NOD32 Antivirus ha comprobado este mensaje. http://www.eset.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/mysql?unsub=jlyons4...@gmail.com -- Jim Lyons Web developer / Database administrator http://www.weblyons.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
