Craig,
At 10:02 AM 3/3/2002 , you wrote:
>In an effort to encrypt private data in my database (national id numbers,
>credit card numbers, passwords) I have had to resort to writing code in my
>application using the Blowfish algorithm. Is there any facility for doing
>this within MySQL (on Win
In an effort to encrypt private data in my database (national id numbers,
credit card numbers, passwords) I have had to resort to writing code in my
application using the Blowfish algorithm. Is there any facility for doing
this within MySQL (on Windows)? Any third party tools out there? For
> It's only dangerous if a customer can trick your web frontend
> into displaying the output of "SELECT * FROM USERS", for
> example. If the frontend only uses hardcoded queries, or
> quotes every user-supplied parameter, there's no problem. In
> fact, you need the password in plaintext to s
Yes.
1. Read the manual sections concerning setting up new accounts with special emphasis
on passwords.
2. When you thoroughly understand those matters, take the issue to the system
administrator and/or management.
hth,
Doug
Only two things are infinite, the universe and human stupidity, an
In the last episode (Dec 12), James McLaughlin said:
> The new programmer for our company is not using the dataType
> "password" or any encryption what so ever for our user accounts
> (accounts that our customers use for getting into our system) in our
> database.
>
> Instead he is using the VarC
it's not all that dangerous. it just means that you can read your users'
passwords. anyone who can read that db table can become any of your
users. password fields are just another safeguard against a "just in case
someone gets read access to this" scenario. they also serve to provide
more pr
The new programmer for our company is not using the dataType "password" or
any encryption what so ever for our user accounts (accounts that our
customers use for getting into our system) in our database.
Instead he is using the VarChar dataType.
Can someone explain to me how I can exploit this
