|
|
Posted by Jerry Stuckle on 10/09/07 00:05
Shmuel wrote:
>> The password is passed as plain text to mysql_connect(), because MySQL
>> itself encrypts it in order to compare it with the stored password hash.
>
> Yes I know it works like this, but the thing is that I store user
> information
> in the database like: host, user, pass, etc. and then from a
> controller
> script I retrieve information from the correct database, according to
> the
> details of a certain user. So I don't want them be shown as plain
> text.
> So I'm not talking about mysql users, just "users". They happen to be
> users that can also connect to the database... also to ftp...
>
>
>> Confusing ... If you want to connect with mysql_connect() to the server,
>> you have to follow MySQL's authentication rules and store encrypted
>> passwords in its user table. You can't use your own table for that.
>
>
> What I would like to is to give mysql_connect() say, give a parameter
> to
> tell whether the password I pass to it is encrypted or not.
>
> Shmuel
>
The mysql_connect() call gets the password your website uses on the
database. That should NOT be the same as your user's passwords.
Rather, it should be something you keep secret from anyone else.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|