|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
18/08/2007, 09h44
|
#1 |
Messages: n/a
Hébergeur: |
Password storage
Friends,
I have one question - How to store passwords in MySQL database table in a secure way so that no one can see the password(understand the password string)? Please Thanks CPK -- Keep your Environment clean and green. |
|
|
18/08/2007, 10h23
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
Use MD5 function to encrypt the password column
C K wrote: > Friends, > I have one question - How to store passwords in MySQL database table in a > secure way so that no one can see the password(understand the password > string)? > Please > Thanks > CPK > > -- Yoge, AdventNet, Inc. 925-965-6528 yogendrav@adventnet.com site24x7.com |
|
|
|
18/08/2007, 13h23
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
C K wrote:
> Friends, > I have one question - How to store passwords in MySQL database table in a > secure way so that no one can see the password(understand the password > string)? > Please > Thanks > CPK > > mysql> create table test01 (pass varchar(32)); Query OK, 0 rows affected (0.00 sec) mysql> insert into test01 values (md5('textpassword')); Query OK, 1 row affected (0.01 sec) mysql> select * from test01; +----------------------------------+ | pass | +----------------------------------+ | d1c7e2c37b0bb7d92548ac5594d00315 | +----------------------------------+ 1 row in set (0.00 sec) The md5 function encrypts the input string. --------- With Warm Regards, Sudheer. S www.binaryvibes.co.in www.lampcomputing.com |
|
|
|
18/08/2007, 14h53
|
#4 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
Thanks to all,
but the problem is that I am using external programs to insert data and I can't use MySQL functions directly. Can I call/implement such type of functions using MS Access 2003? Thanks CPK > > > The md5 function encrypts the input string. > > --------- > With Warm Regards, > Sudheer. S > www.binaryvibes.co.in > www.lampcomputing.com > > -- Keep your Environment clean and green. |
|
|
|
18/08/2007, 16h19
|
#5 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
On Sat, August 18, 2007 15:53, C K wrote: > Thanks to all, > but the problem is that I am using external programs to insert data and I > can't use MySQL functions directly. Can I call/implement such type of > functions using MS Access 2003? MD5() is not an encryption function. The MySQL manual states: <QUOTE> MD5(str) Calculates an MD5 128-bit checksum for the string. The value is returned as a binary string of 32 hex digits, or NULL if the argument was NULL. The return value can, for example, be used as a hash key. mysql> SELECT MD5('testing'); -> 'ae2b1fca515949e5d54fb22b8ed95575' This is the “RSA Data Security, Inc. MD5 Message-Digest Algorithm.†</QUOTE> You might want to look at ENCODE() and DECODE() functions. Again from the manual: <QUOTE> DECODE(crypt_str,pass_str) Decrypts the encrypted string crypt_str using pass_str as the password. crypt_str should be a string returned from ENCODE(). ENCODE(str,pass_str) Encrypt str using pass_str as the password. To decrypt the result, use DECODE(). The result is a binary string of the same length as str. The strength of the encryption is based on how good the random generator is. It should suffice for short strings. </QUOTE> These are all functions you use in your sql statement, so yes. They can be used in MS Access. -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |
|
|
|
18/08/2007, 19h17
|
#6 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
But you can use it for passwords (ask Unix)...
You can't decode what the original password was, but you can encode the password they typed in and check the two hashes match - if they do - the chances are that the original passwords match (the odds against are huge!) On Saturday 18 August 2007 16:19, Mogens Melander wrote: > MD5() is not an encryption function. The MySQL manual states: > -- Mike Aubury Aubit Computing Ltd is registered in England and Wales, Number: 3112827 Registered Address : Murlain Business Centre, Union Street, Chester, CH1 1QP |
|
|
|
18/08/2007, 22h23
|
#7 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
On Sat, August 18, 2007 20:17, Mike Aubury wrote: > But you can use it for passwords (ask Unix)... > > You can't decode what the original password was, but you can encode the > password they typed in and check the two hashes match - if they do - the > chances are that the original passwords match (the odds against are huge!) Well, i got the impression that OP wanted to retrieve the cleartext string, but i could be wrong. > On Saturday 18 August 2007 16:19, Mogens Melander wrote: > >> MD5() is not an encryption function. The MySQL manual states: >> -- Later Mogens Melander +45 40 85 71 38 +66 870 133 224 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. |
|
|
|
18/08/2007, 23h03
|
#8 |
|
Messages: n/a
Hébergeur: |
Re: Password storage
Hi,
What are those external programs? If you are using a scripting language like PHP to insert data, you can still use all the MySQL functions in your query statements. I'm not sure how this is related to MS Access 2003. With Warm Regards, Sudheer. S www.binaryvibes.co.in www.lampcomputing.com C K wrote: > Thanks to all, > but the problem is that I am using external programs to insert data and I > can't use MySQL functions directly. Can I call/implement such type of > functions using MS Access 2003? > Thanks > CPK > > > >> The md5 function encrypts the input string. >> >> --------- >> With Warm Regards, >> Sudheer. S >> www.binaryvibes.co.in >> www.lampcomputing.com >> >> >> > > > |
|
|
 |
| Outils de la discussion | |
|
|
