Ian Davies wrote:
My problen now is that the string input by the user is in my VB application
and VB doesnt recognise PASSWORD().
How can I get mysql to encrypt the string from withing VB?
SELECT PASSWORD("string");
You can also do this:
SELECT IF(PASSWORD("string") = encryptedPasswordField, 1, 0) AS
password_is_correct
FROM tableStoringPasswords;
By the way, you should be aware of issues related to using the
PASSWORD() function in MySQL. Read the entry about PASSWORD() on this
web page:
http://dev.mysql.com/doc/refman/5.0/...functions.html
"Note: The PASSWORD() function is used by the authentication system in
MySQL Server; you should not use it in your own applications. For that
purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more
information about handling passwords and authentication securely in your
applications."
The recommendation against using MySQL's PASSWORD function for your
applications is that they can change the algorithm between versions of
MySQL (e.g. between 4.0 and 4.1 the encryption algorithm changed). That
could cause your application to break as you upgrade the MySQL software,
and the only solution would be to reset all your users' passwords, and
tell each user to go change their password.
I use MD5() when I need application-specific password encryption.
Regards,
Bill K.