RE: MySQL PASSWORD function
> Hi all,
>
> I can't find a description of the algorithm used in the mySQL PASSWROD
> function. I understand it's a hashing algorithm of some kind, but I
> don't know which algorithm (and I suspect it's *not* MD5.)
>
> Can anyone tell me what algorithm PASSWORD uses? The reason I ask is
> that we're trying to implement role-based security using our existing
> MySQL table of users, accessed via Java Servlet auth functions, which
> can read the User table through JDBC. BUT they don't know anything
> about PASSWORD-encrypted passwords, so I need to write something that
> hashes the password entered in the same way MySQL hashes a password (or
> abandon the use of servlet auth :-)
>
> Any clues?
How about using the PASSWORD function directly?
SELECT PASSWORD('thepassword'), Password
FROM user
WHERE User='username';
-- if they match, the unencrypted password matches.
Alternatively,
SELECT PASSWORD('thepassword')=Password
FROM user
WHERE User='username';
will return 1 on a match, 0 on non-match (watch out for
nonexisting usernames).
/ Carsten
--
Carsten H. Pedersen
keeper and maintainer of the bitbybit.dk MySQL FAQ
http://www.bitbybit.dk/mysqlfaq
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL PASSWORD function
I think mysql uses the system crypt() function. This is, no-doubt, available through some well hidden Java class. Just do "man crypt" to learn about crypt(). Chris On Tue, 29 Jan 2002 10:59:55 -0500 John Kemp <[EMAIL PROTECTED]> wrote: > Hi all, > > I can't find a description of the algorithm used in the mySQL PASSWROD > function. I understand it's a hashing algorithm of some kind, but I > don't know which algorithm (and I suspect it's *not* MD5.) > > Can anyone tell me what algorithm PASSWORD uses? The reason I ask is > that we're trying to implement role-based security using our existing > MySQL table of users, accessed via Java Servlet auth functions, which > can read the User table through JDBC. BUT they don't know anything > about PASSWORD-encrypted passwords, so I need to write something that > hashes the password entered in the same way MySQL hashes a password (or > abandon the use of servlet auth :-) > > Any clues? > > John Kemp, > Director, Software Development > Streetmail Inc. > http://www.streetmail.com > > > - > Before posting, please check: >http://www.mysql.com/manual.php (the manual) >http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]>> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php> > -- Chris Wilson <[EMAIL PROTECTED]> http://www.wapmx.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL PASSWORD function
John Kemp writes: > Hi all, > > I can't find a description of the algorithm used in the mySQL PASSWROD > function. I understand it's a hashing algorithm of some kind, but I > don't know which algorithm (and I suspect it's *not* MD5.) > > Can anyone tell me what algorithm PASSWORD uses? The reason I ask is > that we're trying to implement role-based security using our existing > MySQL table of users, accessed via Java Servlet auth functions, which > can read the User table through JDBC. BUT they don't know anything > about PASSWORD-encrypted passwords, so I need to write something that > hashes the password entered in the same way MySQL hashes a password (or > abandon the use of servlet auth :-) > > Any clues? > > John Kemp, > Director, Software Development > Streetmail Inc. > http://www.streetmail.com Hi! We use our own hash algorithm with usage of salt. Take a look at sql/password.c ... -- Regards, __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Mr. Sinisa Milivojevic <[EMAIL PROTECTED]> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Fulltime Developer /_/ /_/\_, /___/\___\_\___/ Larnaca, Cyprus <___/ www.mysql.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: MySQL PASSWORD function
In the last episode (Jan 29), John Kemp said:
> Hi all,
>
> I can't find a description of the algorithm used in the mySQL PASSWROD
> function. I understand it's a hashing algorithm of some kind, but I
> don't know which algorithm (and I suspect it's *not* MD5.)
The algorithm is in the sql/password.c file.
> Can anyone tell me what algorithm PASSWORD uses? The reason I ask is
> that we're trying to implement role-based security using our existing
> MySQL table of users, accessed via Java Servlet auth functions, which
> can read the User table through JDBC. BUT they don't know anything
> about PASSWORD-encrypted passwords, so I need to write something that
> hashes the password entered in the same way MySQL hashes a password (or
> abandon the use of servlet auth :-)
Just have mysql do it:
select (PASSWORD('thepassword') = password) from user where user='theuser';
will return 1 if 'theuser's password is 'thepassword', and 0 otherwise.
--
Dan Nelson
[EMAIL PROTECTED]
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
MySQL PASSWORD function
Hi all, I can't find a description of the algorithm used in the mySQL PASSWROD function. I understand it's a hashing algorithm of some kind, but I don't know which algorithm (and I suspect it's *not* MD5.) Can anyone tell me what algorithm PASSWORD uses? The reason I ask is that we're trying to implement role-based security using our existing MySQL table of users, accessed via Java Servlet auth functions, which can read the User table through JDBC. BUT they don't know anything about PASSWORD-encrypted passwords, so I need to write something that hashes the password entered in the same way MySQL hashes a password (or abandon the use of servlet auth :-) Any clues? John Kemp, Director, Software Development Streetmail Inc. http://www.streetmail.com - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
