469,610 Members | 1,859 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,610 developers. It's quick & easy.

mysql_connect and encrypted password

Hello,

Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?

I store passwords for users in database and don't want to use plain
text passwords.
Then I use that information to connect to the database. So every user
have his own database.
They are usually not in the same host even. So it would be nice to be
able to give to mysql_connect
and encrypted password instead of the plain one.

Thanks, any help appreciated.

Shmuel

Oct 8 '07 #1
5 5808
..oO(Shmuel)
>Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?

I store passwords for users in database and don't want to use plain
text passwords.
The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.

Micha
Oct 8 '07 #2
Thanks for your answer.

What I mean, though, is that I need to connect to the database
with an password that is encrypted, like this:
mysql_connect('host', 'user',
'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

I store that password in database, and want to have it encrypted.
I am not talking about passwords that are in the mysql table,
but instead a table of my own that has the user information.

So if somebody gets into my db server, he wont see the passwords as
they are,
but instead encrypted.

On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Shmuel)
Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?
I store passwords for users in database and don't want to use plain
text passwords.

The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.

Micha

Oct 8 '07 #3
The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.
Yes, but I connect to the user's database (over the net) dynamically,
getting the values from my database. I'm working on a CMS that
is used to modify data in databases that are not on the same server,
they are wherever the user have them. And also I don't have access
to the mysql database on my hosting provider, so I couldn't store
there the user details there.


Oct 9 '07 #4
Shmuel wrote:
>The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.

Yes, but I connect to the user's database (over the net) dynamically,
getting the values from my database. I'm working on a CMS that
is used to modify data in databases that are not on the same server,
they are wherever the user have them. And also I don't have access
to the mysql database on my hosting provider, so I couldn't store
there the user details there.

First of all, most hosts disallow connections from over the internet,
for security reasons. I know all of my sites are like that. You can
connect from the server Apache is running on, but that's all. So right
there you're going to have a problem.

And you wouldn't store them in the mysql tables, anyway. That would be
the userid and passwords for your MySQL. You store them in your own tables.

And finally, you need to be asking these questions in
comp.databases.mysql. None of this has anything to do with PHP.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 9 '07 #5
On 8 Oct, 19:49, Shmuel <shmue...@gmail.comwrote:
Thanks for your answer.

What I mean, though, is that I need to connect to the database
with an password that is encrypted, like this:
mysql_connect('host', 'user',
'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

I store that password in database, and want to have it encrypted.
I am not talking about passwords that are in the mysql table,
but instead a table of my own that has the user information.

So if somebody gets into my db server, he wont see the passwords as
they are,
but instead encrypted.

On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Shmuel)
>Is it possible to give to mysql_connect an encrypted (md5 or sha1)
>password?
>If not is there a workaround?
>I store passwords for users in database and don't want to use plain
>text passwords.
The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.
Micha
You're not making it any more secure by doing that - you've just
changed one password for another.

If you don't want to store the unencrypted password on the filesystem
then you need to encrypt (reversibly) it with something not available
elsewhere - e.g. a users password supplied in a request. (putting the
key in the Apache startup env won't help either). But you're making
your system very complex by doing this.

Find a different way to solve the problem. If it is a problem.

C.

Oct 9 '07 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by Ian Davies | last post: by
19 posts views Thread by Michael | last post: by
5 posts views Thread by Michael Sperlle | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.