By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,086 Members | 1,460 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,086 IT Pros & Developers. It's quick & easy.

mysql_connect and encrypted password

P: n/a
Hello,

Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?

I store passwords for users in database and don't want to use plain
text passwords.
Then I use that information to connect to the database. So every user
have his own database.
They are usually not in the same host even. So it would be nice to be
able to give to mysql_connect
and encrypted password instead of the plain one.

Thanks, any help appreciated.

Shmuel

Oct 8 '07 #1
Share this Question
Share on Google+
5 Replies


P: n/a
..oO(Shmuel)
>Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?

I store passwords for users in database and don't want to use plain
text passwords.
The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.

Micha
Oct 8 '07 #2

P: n/a
Thanks for your answer.

What I mean, though, is that I need to connect to the database
with an password that is encrypted, like this:
mysql_connect('host', 'user',
'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

I store that password in database, and want to have it encrypted.
I am not talking about passwords that are in the mysql table,
but instead a table of my own that has the user information.

So if somebody gets into my db server, he wont see the passwords as
they are,
but instead encrypted.

On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Shmuel)
Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?
I store passwords for users in database and don't want to use plain
text passwords.

The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.

Micha

Oct 8 '07 #3

P: n/a
The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.
Yes, but I connect to the user's database (over the net) dynamically,
getting the values from my database. I'm working on a CMS that
is used to modify data in databases that are not on the same server,
they are wherever the user have them. And also I don't have access
to the mysql database on my hosting provider, so I couldn't store
there the user details there.


Oct 9 '07 #4

P: n/a
Shmuel wrote:
>The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.

Yes, but I connect to the user's database (over the net) dynamically,
getting the values from my database. I'm working on a CMS that
is used to modify data in databases that are not on the same server,
they are wherever the user have them. And also I don't have access
to the mysql database on my hosting provider, so I couldn't store
there the user details there.

First of all, most hosts disallow connections from over the internet,
for security reasons. I know all of my sites are like that. You can
connect from the server Apache is running on, but that's all. So right
there you're going to have a problem.

And you wouldn't store them in the mysql tables, anyway. That would be
the userid and passwords for your MySQL. You store them in your own tables.

And finally, you need to be asking these questions in
comp.databases.mysql. None of this has anything to do with PHP.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 9 '07 #5

P: n/a
On 8 Oct, 19:49, Shmuel <shmue...@gmail.comwrote:
Thanks for your answer.

What I mean, though, is that I need to connect to the database
with an password that is encrypted, like this:
mysql_connect('host', 'user',
'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

I store that password in database, and want to have it encrypted.
I am not talking about passwords that are in the mysql table,
but instead a table of my own that has the user information.

So if somebody gets into my db server, he wont see the passwords as
they are,
but instead encrypted.

On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Shmuel)
>Is it possible to give to mysql_connect an encrypted (md5 or sha1)
>password?
>If not is there a workaround?
>I store passwords for users in database and don't want to use plain
>text passwords.
The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.
Micha
You're not making it any more secure by doing that - you've just
changed one password for another.

If you don't want to store the unencrypted password on the filesystem
then you need to encrypt (reversibly) it with something not available
elsewhere - e.g. a users password supplied in a request. (putting the
key in the Apache startup env won't help either). But you're making
your system very complex by doing this.

Find a different way to solve the problem. If it is a problem.

C.

Oct 9 '07 #6

This discussion thread is closed

Replies have been disabled for this discussion.