Encrypted password
I had an encrypted password. I changed the encrypted password as follows: mysql>update user password=newpassword; I immediately relised that I should have used the following: mysql>update user password=PASSWORD(newpassword); I am can not now use MySQL which is locally installed in my home computer. Help please. Maru ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: encrypted password
However, I currently have a need to extract and decode that data. I need
a two way function.
Curtis
On Sun, 16 Feb 2003, Michael T. Babcock wrote:
> Curtis Maurand wrote:
>
> >need to encrypt data and then retrieve it later (credit card data). I could
> >probably pass it through and md5 or des function via openssl I suppose and
> >then store it. Perl and PHP both have functions to handle that.
> >
> >
>
> Just to be a security nut, you shouldn't use the encryption functions in
> MySQL at all unless you're always connecting (guaranteed) to the server
> as localhost (and always will be). You should always do your
> encryption/decryption/hashing in your program and then do the queries
> based on that data. Download a copy of mcrypt and mhash and you'll see
> that they're quite easy to use. openssl is another option if you feel
> so inclined.
>
> For example:
>
> $pass = "...";
> $pass_md5 = md5sum($pass);
> mysql_query('update users set password = "$pass_md5" where id = $id');
>
> or
>
> $res = mysql_query('select password from users where id = $id');
> $row = mysql_fetch_array($res);
> if ($row['password'] != $pass_md5) die("Bad password");
>
> This way, the data going over the MySQL link is already secure before it
> goes over your network or leaves your program.
>
>
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
Point well taken. I will do remotes that way.
Curtis
On Sun, 16 Feb 2003, Michael T. Babcock wrote:
> Curtis Maurand wrote:
>
> >need to encrypt data and then retrieve it later (credit card data). I could
> >probably pass it through and md5 or des function via openssl I suppose and
> >then store it. Perl and PHP both have functions to handle that.
> >
> >
>
> Just to be a security nut, you shouldn't use the encryption functions in
> MySQL at all unless you're always connecting (guaranteed) to the server
> as localhost (and always will be). You should always do your
> encryption/decryption/hashing in your program and then do the queries
> based on that data. Download a copy of mcrypt and mhash and you'll see
> that they're quite easy to use. openssl is another option if you feel
> so inclined.
>
> For example:
>
> $pass = "...";
> $pass_md5 = md5sum($pass);
> mysql_query('update users set password = "$pass_md5" where id = $id');
>
> or
>
> $res = mysql_query('select password from users where id = $id');
> $row = mysql_fetch_array($res);
> if ($row['password'] != $pass_md5) die("Bad password");
>
> This way, the data going over the MySQL link is already secure before it
> goes over your network or leaves your program.
>
>
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
Curtis Maurand wrote:
need to encrypt data and then retrieve it later (credit card data). I could
probably pass it through and md5 or des function via openssl I suppose and
then store it. Perl and PHP both have functions to handle that.
Just to be a security nut, you shouldn't use the encryption functions in
MySQL at all unless you're always connecting (guaranteed) to the server
as localhost (and always will be). You should always do your
encryption/decryption/hashing in your program and then do the queries
based on that data. Download a copy of mcrypt and mhash and you'll see
that they're quite easy to use. openssl is another option if you feel
so inclined.
For example:
$pass = "...";
$pass_md5 = md5sum($pass);
mysql_query('update users set password = "$pass_md5" where id = $id');
or
$res = mysql_query('select password from users where id = $id');
$row = mysql_fetch_array($res);
if ($row['password'] != $pass_md5) die("Bad password");
This way, the data going over the MySQL link is already secure before it
goes over your network or leaves your program.
--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
I came to the same conclusion today after reading the docs again. I would
prefer the des_encode if I need to get things back out of it, but since I'm
running 3.23.55, the des_encode function is not available to me. I have a
need to encrypt data and then retrieve it later (credit card data). I could
probably pass it through and md5 or des function via openssl I suppose and
then store it. Perl and PHP both have functions to handle that.
Curtis
Tonu Samuel said:
> On Tue, 2003-02-11 at 15:39, Curtis Maurand wrote:
>>
>> The manual suggests that the password function is really for intenal
>> mysql functions. Ideally you should use the encode or md5_encode
>> functions.
>>
>> update user set password=encode('password', 'salt') where user =
>> 'your_user';
>
> Unless manual does not say, what method is used for encode(), I would
> prefer MD5() which is known to be good enough.
>
> I remember something about "encode" from source code. If I remember
> properly it was "home-made" algorithm and home-made algorithms are
> always known to be "keep-away" algorithms.
>
> If you need security, always hire expert to analyze your needs and
> suggest exact ways to improve it. Even smaller mistake can void all
> efforts to secure something. Most security problems I have seen are
> results of doing security without knowing about topic. Often they lead
> to headlines as it was in CNN few months ago: "hackers stoled credit
> reports of 15000 people".
>
> Use MD5() for one-way hashing where result never needs to be decrypted
> (usually passwords)
> Use DES_ENCRYPT() for encrypting data if you want to decrypt it at some
> point.
> Surely do not use PASSWORD() anywhere.
>
> Tõnu
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
On Tue, 2003-02-11 at 15:39, Curtis Maurand wrote:
>
> The manual suggests that the password function is really for intenal mysql
> functions. Ideally you should use the encode or md5_encode functions.
>
> update user set password=encode('password', 'salt') where user =
> 'your_user';
>
Unless manual does not say, what method is used for encode(), I would
prefer MD5() which is known to be good enough.
I remember something about "encode" from source code. If I remember
properly it was "home-made" algorithm and home-made algorithms are
always known to be "keep-away" algorithms.=20
If you need security, always hire expert to analyze your needs and
suggest exact ways to improve it. Even smaller mistake can void all
efforts to secure something. Most security problems I have seen are
results of doing security without knowing about topic. Often they lead
to headlines as it was in CNN few months ago: "hackers stoled credit
reports of 15000 people".
Use MD5() or SHA1() for one-way hashing where result never needs to be
decrypted (usually passwords)
Use DES_ENCRYPT() for encrypting data if you want to decrypt it at some
point.
Surely do not use PASSWORD() anywhere.
Tõnu
sql
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
Hi!
On Feb 04, Jianping Zhu wrote:
>
> I have mysql in a redhat machine. I need to use mysql do user
> authentication to a website.
> I have a table like following.
>
> +--+--+
> | username | passwd |
> +--+--+
> | jianping | jian1830 |
> | chichi | jian1830 |
> +--+--+
>
> I want the passwd field not to be plain text but encrypted. how can i do
> that?
>
> Thanks.
As Tonu has pointed out you should NOT use PASSWORD() function.
It's is only used to encrypt passwords used in MySQL authentification
protocol. Furthermore, it was changed in MySQL 4.1, so you application
won't be able to work with MySQL 4.1.
Use MD5() or SHA1() functions.
SHA1() was added recently, and MD5() is available for a long time
already.
Also, if you'll have Perl or PHP interface (or, actually, any other
custom written interface), it's better to calculate md5() in the
application (e.g. it's Digest::MD5 module in perl), like this:
use Digest::MD5 qw(md5_hex);
$sth->do('INSERT INTO table VALUES("jianping","' . md5_hex('jian1830') . '")');
instead of
$sth->do('INSERT INTO table VALUES("jianping",md5("jian1830"))');
so that plain-text passwords won't show up in update or binary logs.
Regards,
Sergei
--
MySQL Development Team
__ ___ ___ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
The manual suggests that the password function is really for intenal mysql
functions. Ideally you should use the encode or md5_encode functions.
update user set password=encode('password', 'salt') where user =
'your_user';
Curtis
On Wed, 5 Feb 2003, Natale Babbo wrote:
> try to use the password() function.
>
> update user set password=password('your_psw') where
> user='your_user'
>
> bye
>
>
>
>
> --- Jianping Zhu <[EMAIL PROTECTED]> ha scritto: >
> > I have mysql in a redhat machine. I need to use
> > mysql do user
> > authentication to a website.
> > I have a table like following.
> >
> > +--+--+
> > | username | passwd |
> > +--+--+
> > | jianping | jian1830 |
> > | chichi | jian1830 |
> > +--+--+
> >
> > I want the passwd field not to be plain text but
> > encrypted. how can i do
> > that?
> >
> > Thanks.
> >
> >
> >
> >
> -
> > Before posting, please check:
> >http://www.mysql.com/manual.php (the manual)
> >http://lists.mysql.com/ (the list
> > archive)
> >
> > To request this thread, e-mail
> > <[EMAIL PROTECTED]>
> > To unsubscribe, e-mail
> >
> <[EMAIL PROTECTED]>
> > Trouble unsubscribing? Try:
> > http://lists.mysql.com/php/unsubscribe.php
> >
>
> __
> Yahoo! Cellulari: loghi, suonerie, picture message per il tuo telefonino
> http://it.yahoo.com/mail_it/foot/?http://it.mobile.yahoo.com/index2002.html
>
> -
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
> On Wed, 2003-02-05 at 13:53, Kamara Eric R-M wrote:
>
>> INSERT into tbl_name (username,password) values
>> ('user',PASSWORD('passwd'));
>>
>> and when authenticating the user you can do something like
>>
>> SELECT username from tbl_name where passwd=PASSWORD('$pass'); and in
>> this case $pass is the variable holding the password entered on the
>> webpage.
>
> NEVER use the PASSWORD() function! It is totally insecure and still in
> MySQL in historical reasons. Use function MD5() instead.
>
>Tõnu
At which version did it become available?
>
> -
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]> To
> unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
When you store the information into the field you can us the mysql function
password. Then when you wish to test for a match you do something like
select count(*) where username='$username' and passwd = Password($password)
Where $username is the input username and $password is the input username
What is stored in the database is the std mySQL encoded password.
> On Tue, Feb 04, 2003 at 02:58:28PM -0500, Jianping Zhu wrote:
>>
>> I have mysql in a redhat machine. I need to use mysql do user
>> authentication to a website.
>> I have a table like following.
>>
>> +--+--+
>> | username | passwd |
>> +--+--+
>> | jianping | jian1830 |
>> | chichi | jian1830 |
>> +--+--+
>>
>> I want the passwd field not to be plain text but encrypted. how can i
>> do that?
>>
> Not for sure on the exact syntax becuse I've always used myPhpAdmin's
> md5 utility but it would be something like
>
> MD5("jian1830")
>
> this would do an MD5 hash
> --
> Jerry M. Howell II
>
> -
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]> To
> unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
William R. Mussatto, Senior Systems Engineer
Ph. 909-920-9154 ext. 27
FAX. 909-608-7061
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
Try this:
insert into tablename values ('myusername', password('mypassword'));
[EMAIL PROTECTED] wrote:
On Tue, Feb 04, 2003 at 02:58:28PM -0500, Jianping Zhu wrote:
I have mysql in a redhat machine. I need to use mysql do user
authentication to a website.
I have a table like following.
+--+--+
| username | passwd |
+--+--+
| jianping | jian1830 |
| chichi | jian1830 |
+--+--+
I want the passwd field not to be plain text but encrypted. how can i do
that?
Not for sure on the exact syntax becuse I've always used myPhpAdmin's
md5 utility but it would be something like
MD5("jian1830")
this would do an MD5 hash
--
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop@Netscape!
http://shopnow.netscape.com/
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
On Wed, 2003-02-05 at 13:53, Kamara Eric R-M wrote:
> INSERT into tbl_name (username,password) values
> ('user',PASSWORD('passwd'));
>
> and when authenticating the user you can do something like
>
> SELECT username from tbl_name where passwd=PASSWORD('$pass'); and in this
> case $pass is the variable holding the password entered on the webpage.
NEVER use the PASSWORD() function! It is totally insecure and still in
MySQL in historical reasons. Use function MD5() instead.
Tõnu
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
the easiest way to do this is to use mysql's own 'password' function.
to add a new user use:
insert into table (username,passwd) values ('jianping',password('jian1830'))
to validate the password:
select count(*) from table where username='jianping' and
passwd=password('whatwasentered');
or similar...
On Tue, 4 Feb 2003 14:58:28 -0500 (EST)
Jianping Zhu <[EMAIL PROTECTED]> wrote:
>
> I have mysql in a redhat machine. I need to use mysql do user
> authentication to a website.
> I have a table like following.
>
> +--+--+
> | username | passwd |
> +--+--+
> | jianping | jian1830 |
> | chichi | jian1830 |
> +--+--+
>
> I want the passwd field not to be plain text but encrypted. how can i do
> that?
>
> Thanks.
>
>
>
> -
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
>
--
[EMAIL PROTECTED] Collaborative Intrusion Detection
join http://www.dshield.org
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
On Tue, Feb 04, 2003 at 02:58:28PM -0500, Jianping Zhu wrote:
>
> I have mysql in a redhat machine. I need to use mysql do user
> authentication to a website.
> I have a table like following.
>
> +--+--+
> | username | passwd |
> +--+--+
> | jianping | jian1830 |
> | chichi | jian1830 |
> +--+--+
>
> I want the passwd field not to be plain text but encrypted. how can i do
> that?
>
Not for sure on the exact syntax becuse I've always used myPhpAdmin's
md5 utility but it would be something like
MD5("jian1830")
this would do an MD5 hash
--
Jerry M. Howell II
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
On Tue, 4 Feb 2003, Jianping Zhu wrote:
>
> I have mysql in a redhat machine. I need to use mysql do user
> authentication to a website.
> I have a table like following.
>
> +--+--+
> | username | passwd |
> +--+--+
> | jianping | jian1830 |
> | chichi | jian1830 |
> +--+--+
>
> I want the passwd field not to be plain text but encrypted. how can i do
> that?
>
> Thanks.
use the following sql syntax when creating a user
INSERT into tbl_name (username,password) values
('user',PASSWORD('passwd'));
and when authenticating the user you can do something like
SELECT username from tbl_name where passwd=PASSWORD('$pass'); and in this
case $pass is the variable holding the password entered on the webpage.
>
>
>
> -
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail <[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
Regards,
Eric
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
Hi, Use the PASSWORD() function to encrypt the password. There are other encryptation functions in MySQL like MD5(), SHA1(), ENCRYPT(). Have a look at functions you can use in SELECT statement at the manual. http://www.mysql.com/doc/en/Miscellaneous_functions.html On Tue, 2003-02-04 at 19:58, Jianping Zhu wrote: > > I have mysql in a redhat machine. I need to use mysql do user > authentication to a website. > I have a table like following. > > +--+--+ > | username | passwd | > +--+--+ > | jianping | jian1830 | > | chichi | jian1830 | > +--+--+ > > I want the passwd field not to be plain text but encrypted. how can i do > that? > > Thanks. > > > > - > Before posting, please check: >http://www.mysql.com/manual.php (the manual) >http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php > -- Diana Soares - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
Hi,
Simply do the following:
INSERT INTO yourtable (username, password)
VALUES ('chichi', PASSWORD('jian1830'));
The encrypted password will look like this... 2748c558120ee3c9. This is
MySQL's own internal encrypting function.
Remember to set the password to a, CHAR(16) binary not null, field.
Or, you could use MD5 to encrypt it as well. Just remember that you
will need to program your server side language to encrypt the password
before checking against the database you probably know that already,
just thought I'd state the obvious (must be a British thing). ;)
Regards,
Kevin
- Original Message -
From: "Jianping Zhu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 04, 2003 7:58 PM
Subject: encrypted password
>
> I have mysql in a redhat machine. I need to use mysql do user
> authentication to a website.
> I have a table like following.
>
> +--+--+
> | username | passwd |
> +--+--+
> | jianping | jian1830 |
> | chichi | jian1830 |
> +--+--+
>
> I want the passwd field not to be plain text but encrypted. how can i
do
> that?
>
> Thanks.
>
>
>
> -
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail
<[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
>
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
- Original Message -
From: "Jianping Zhu" <[EMAIL PROTECTED]>
Sent: Tuesday, February 04, 2003 1:58 PM
> I want the passwd field not to be plain text but encrypted. how can i do
> that?
Use the password function:
mysql> create table users (
-> name varchar(12),
-> pass varchar(16));
Query OK, 0 rows affected (1.14 sec)
mysql> insert into users values ('bruce',password('mine'));
Query OK, 1 row affected (0.12 sec)
mysql> select * from users where pass = password('mine');
+---+--+
| name | pass |
+---+--+
| bruce | 61ce8de3029ff1ab |
+---+--+
1 row in set (0.14 sec)
See also http://www.mysql.com/doc/en/Miscellaneous_functions.html for a
discussion of other encryption techniques, including MD5 and SHA1.
Best regards,
Bruce MacDonald
Minnesota Public Radio, St. Paul USA
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: encrypted password
try to use the password() function.
update user set password=password('your_psw') where
user='your_user'
bye
--- Jianping Zhu <[EMAIL PROTECTED]> ha scritto: >
> I have mysql in a redhat machine. I need to use
> mysql do user
> authentication to a website.
> I have a table like following.
>
> +--+--+
> | username | passwd |
> +--+--+
> | jianping | jian1830 |
> | chichi | jian1830 |
> +--+--+
>
> I want the passwd field not to be plain text but
> encrypted. how can i do
> that?
>
> Thanks.
>
>
>
>
-
> Before posting, please check:
>http://www.mysql.com/manual.php (the manual)
>http://lists.mysql.com/ (the list
> archive)
>
> To request this thread, e-mail
> <[EMAIL PROTECTED]>
> To unsubscribe, e-mail
>
<[EMAIL PROTECTED]>
> Trouble unsubscribing? Try:
> http://lists.mysql.com/php/unsubscribe.php
>
__
Yahoo! Cellulari: loghi, suonerie, picture message per il tuo telefonino
http://it.yahoo.com/mail_it/foot/?http://it.mobile.yahoo.com/index2002.html
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
encrypted password
I have mysql in a redhat machine. I need to use mysql do user authentication to a website. I have a table like following. +--+--+ | username | passwd | +--+--+ | jianping | jian1830 | | chichi | jian1830 | +--+--+ I want the passwd field not to be plain text but encrypted. how can i do that? Thanks. - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
