473,238 Members | 1,968 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,238 software developers and data experts.

mysql_connect and encrypted password

Hello,

Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?

I store passwords for users in database and don't want to use plain
text passwords.
Then I use that information to connect to the database. So every user
have his own database.
They are usually not in the same host even. So it would be nice to be
able to give to mysql_connect
and encrypted password instead of the plain one.

Thanks, any help appreciated.

Shmuel

Oct 8 '07 #1
5 6053
..oO(Shmuel)
>Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?

I store passwords for users in database and don't want to use plain
text passwords.
The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.

Micha
Oct 8 '07 #2
Thanks for your answer.

What I mean, though, is that I need to connect to the database
with an password that is encrypted, like this:
mysql_connect('host', 'user',
'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

I store that password in database, and want to have it encrypted.
I am not talking about passwords that are in the mysql table,
but instead a table of my own that has the user information.

So if somebody gets into my db server, he wont see the passwords as
they are,
but instead encrypted.

On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Shmuel)
Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?
I store passwords for users in database and don't want to use plain
text passwords.

The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.

Micha

Oct 8 '07 #3
The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.
Yes, but I connect to the user's database (over the net) dynamically,
getting the values from my database. I'm working on a CMS that
is used to modify data in databases that are not on the same server,
they are wherever the user have them. And also I don't have access
to the mysql database on my hosting provider, so I couldn't store
there the user details there.


Oct 9 '07 #4
Shmuel wrote:
>The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.

Yes, but I connect to the user's database (over the net) dynamically,
getting the values from my database. I'm working on a CMS that
is used to modify data in databases that are not on the same server,
they are wherever the user have them. And also I don't have access
to the mysql database on my hosting provider, so I couldn't store
there the user details there.

First of all, most hosts disallow connections from over the internet,
for security reasons. I know all of my sites are like that. You can
connect from the server Apache is running on, but that's all. So right
there you're going to have a problem.

And you wouldn't store them in the mysql tables, anyway. That would be
the userid and passwords for your MySQL. You store them in your own tables.

And finally, you need to be asking these questions in
comp.databases.mysql. None of this has anything to do with PHP.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 9 '07 #5
On 8 Oct, 19:49, Shmuel <shmue...@gmail.comwrote:
Thanks for your answer.

What I mean, though, is that I need to connect to the database
with an password that is encrypted, like this:
mysql_connect('host', 'user',
'5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

I store that password in database, and want to have it encrypted.
I am not talking about passwords that are in the mysql table,
but instead a table of my own that has the user information.

So if somebody gets into my db server, he wont see the passwords as
they are,
but instead encrypted.

On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.dewrote:
.oO(Shmuel)
>Is it possible to give to mysql_connect an encrypted (md5 or sha1)
>password?
>If not is there a workaround?
>I store passwords for users in database and don't want to use plain
>text passwords.
The passwords in the MySQL user database are already encrypted. Have a
look at the PASSWORD() function.
Micha
You're not making it any more secure by doing that - you've just
changed one password for another.

If you don't want to store the unencrypted password on the filesystem
then you need to encrypt (reversibly) it with something not available
elsewhere - e.g. a users password supplied in a request. (putting the
key in the Apache startup env won't help either). But you're making
your system very complex by doing this.

Find a different way to solve the problem. If it is a problem.

C.

Oct 9 '07 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: sffan | last post by:
I am new to database programming and was curious how others solve the problem of storing encrypted in data in db table columns and then subsequently searching for these records. The particular...
6
by: Ian Davies | last post by:
Hello I would like to query the user table of the mysql database from my VB application to check that a user's password entered in a text field on a form corresponds to that users password in the...
2
by: Jill Elaine | last post by:
I am building an Access 2002 frontend with linked tables to an encrypted Paradox 7 database. When I first create these linked tables, I'm asked for the password to the encrypted Paradox database,...
19
by: Michael | last post by:
Hi, I'm trying to do something which should be very simple - connect to the MySQL database. Here is the call, followed by the error msg. $conn = mysql_connect("localhost", "root", ""); ...
5
by: Michael Sperlle | last post by:
Is it possible? Bestcrypt can supposedly be set up on linux, but it seems to need changes to the kernel before it can be installed, and I have no intention of going through whatever hell that would...
6
by: GD | last post by:
Hi All, I've got MySQL 5.0.21 running on Windows Server 2003, and php running on Apache on a Linux box (Fedora Core 4). Previously when the pages were running on an IIS server the connection...
2
by: Bernard Dhooghe | last post by:
The information center writes: "Encryption Algorithm: The internal encryption algorithm used is RC2 block cipher with padding, the 128-bit secret key is derived from the password using a MD2...
0
by: danishce | last post by:
I want to generate 8 byte key using CBC MAC by applying encryption to whole message in vb.net.My code is: //Main form Code Imports System.Security.Cryptography Dim plainText As String ...
4
n8kindt
by: n8kindt | last post by:
i'm trying to create a secure scenario where no one will be able to know our encrypted database passcode. BUT if they login to a form in another database successfully, it will open the encrypted...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.