subject:"RE\: What's the syntax for using ENCODE\(\)\?"

RE: What's the syntax for using ENCODE()?

2001-03-01 Thread Julian Strickland

You have an odd number of brackets in each case, you are missing a " ) "
 -Original Message-
 From: Kinney Baughman [SMTP:[EMAIL PROTECTED]]
 Sent: Wednesday, February 28, 2001 11:18 PM
 To:   [EMAIL PROTECTED]
 Subject:  What's the syntax for using ENCODE()?

 Hi,

 I'm trying to encrypt credit_card numbers in MySQL 3.23.33.  I want to
 decrypt them when I retrieve them.

 I've tried:

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",encode('','Ilwfci');
 ERROR 1064: You have an error in your SQL syntax near '' at line 1

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",encode(,Ilwfci);
 ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",ENCODE('',Ilwfci);
 ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",encode(,'Ilwfci');
 ERROR 1064: You have an error in your SQL syntax near '' at line 1

 I have "ccaccount" set up as a blob.

 As you can see, all I get is error messages.  What am I doing wrong?

 After I get them in, my next question is how to get them back out.

 According to the manual, one should use: DECODE(crypt_str,pass_str) where
 "crypt_str" should be a string returned from ENCODE().  This seems to be a
 catch-22, though.  Wouldn't I have to know the value of "crypt_str", i.e.
 the credit_card number in order to get that encrypted string out of
 ENCODE()?

 Thanks.  
 -- 
 +---+
 | Kinney Baughman  Appalachian State University |
 | Appalachian Regional Development InstituteBoone, NC 28608 |
 | Email:   [EMAIL PROTECTED]   Phone:  (828) 262-6523 |
 +---+

 -
 Before posting, please check:
http://www.mysql.com/manual.php   (the manual)
http://lists.mysql.com/   (the list archive)

 To request this thread, e-mail [EMAIL PROTECTED]
 To unsubscribe, e-mail
 [EMAIL PROTECTED]
 Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: What's the syntax for using ENCODE()?

2001-02-28 Thread Eric Fitzgerald


Your not closing off enough )'s

should look like this:
insert into payment (payname1,ccaccount) values
('Kinney',encode('','Ilwfci'));

Then, for decode, you do it like this:
SELECT DECODE(ccaccount,'Ilwfci') AS ccnumber FROM payment WHERE payname =
'Kinney';
- Original Message -
From: "Kinney Baughman" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 28, 2001 3:18 PM
Subject: What's the syntax for using ENCODE()?


 Hi,

 I'm trying to encrypt credit_card numbers in MySQL 3.23.33.  I want to
 decrypt them when I retrieve them.

 I've tried:

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",encode('','Ilwfci');
 ERROR 1064: You have an error in your SQL syntax near '' at line 1

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",encode(,Ilwfci);
 ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",ENCODE('',Ilwfci);
 ERROR 1064: You have an error in your SQL syntax near 'Ilwfci)' at line 1

 mysql insert into payment (payname1,ccaccount) values
 ("Kinney",encode(,'Ilwfci');
 ERROR 1064: You have an error in your SQL syntax near '' at line 1

 I have "ccaccount" set up as a blob.

 As you can see, all I get is error messages.  What am I doing wrong?

 After I get them in, my next question is how to get them back out.

 According to the manual, one should use: DECODE(crypt_str,pass_str) where
 "crypt_str" should be a string returned from ENCODE().  This seems to be a
 catch-22, though.  Wouldn't I have to know the value of "crypt_str", i.e.
 the credit_card number in order to get that encrypted string out of
 ENCODE()?

 Thanks.
 --
 +---+
 | Kinney Baughman  Appalachian State University |
 | Appalachian Regional Development InstituteBoone, NC 28608 |
 | Email:   [EMAIL PROTECTED]   Phone:  (828) 262-6523 |
 +---+

 -
 Before posting, please check:
http://www.mysql.com/manual.php   (the manual)
http://lists.mysql.com/   (the list archive)

 To request this thread, e-mail [EMAIL PROTECTED]
 To unsubscribe, e-mail [EMAIL PROTECTED]
 Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php





-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: What's the syntax for using ENCODE()?

2001-02-28 Thread Kyle Hayes



(second try, I had some magic words in this that set off the spam filter...)

Just as a general security note, make sure that you are not logging these SQL 
commands somewhere...  If you have entries like:

 INSERT INTO my_table (blah, blah, blah) VALUES 
 (ENCODE('password','someval'...)...

you can just read the update log to find them.   If you have full logging 
enabled, you will see the SELECT statements that pull back the encrypted 
data.  Both will give any casual reader the password for the encryption.  
This is generally considered to be a bad thing :-)

Either turn off logging entirely (not really a good idea), do the 
encryption/decryption outside the database code (a much better idea), or turn 
off logging just for these statements with the SET LOG... stuff.  The 
privileges are a little tricky to set up for the latter.  I don't remember 
what they are off the top of my head.

I much prefer doing the encryption somewhere else.  That way, an accident 
with database configuration won't leave all your nice encryption passwords 
sitting around in a plaintext file.

Cr#dit c#rds are a very valuable and easy to use form of money.  They are 
widely prized by thieves for these reasons.  They have strong economic 
incentives to hack your database or pay off your people or dig in your 
garbage for printouts of log files.  Cr#dit c#rd numbers do not belong to 
you, so there are all kinds of interesting legal issues that come up if you 
are responsible for leaking them.

Best,
Kyle

-- 
Kyle Hayes
Quicknet Technologies  t: +1 415 864 5225
520 Townsend St. Suite D  f: +1 415 864 8388
San Francisco, CA 94103 w: http://www.quicknet.net
USA

***
"HEAR THE DIFFERENCE" with a live MICROTELCO demo at:
Computer Telephony EXPO, Mar 6-8, Los Angeles, CA

MicroTelco is a revolutionary service that brings multiple Internet
Telephony Service Providers (ITSPs) together in a convenient,
simple to use account center for greater reliability and flexibility.
For more information visit: http://www.microtelco.com.

-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

RE: What's the syntax for using ENCODE()?

Re: What's the syntax for using ENCODE()?

Re: What's the syntax for using ENCODE()?

3 matches

Site Navigation

Mail list logo

Footer information