Posted by C. (http://symcbean.blogspot.com/) on 10/09/07 12:02
On 8 Oct, 19:49, Shmuel <shmue...@gmail.com> wrote:
> Thanks for your answer.
>
> What I mean, though, is that I need to connect to the database
> with a password that is encrypted, like this:
> mysql_connect('host', 'user',
> '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');
>
> I store that password in database, and want to have it encrypted.
> I am not talking about passwords that are in the mysql table,
> but instead a table of my own that has the user information.
>
> So if somebody gets into my db server, he won't see the passwords as
> they are, but instead encrypted.
>
> On Oct 8, 5:49 pm, Michael Fesser <neti...@gmx.de> wrote:
>
> > .oO(Shmuel)
>
> > >Is it possible to give to mysql_connect an encrypted (md5 or sha1)
> > >password?
> > >If not is there a workaround?
>
> > >I store passwords for users in database and don't want to use plain
> > >text passwords.
>
> > The passwords in the MySQL user database are already encrypted. Have a
> > look at the PASSWORD() function.
>
> > Micha
You're not making it any more secure by doing that - you've just
changed one password for another.
If you don't want to store the unencrypted password on the filesystem
then you need to encrypt (reversibly) it with something not available
elsewhere - e.g. a user's password supplied in a request. (putting the
key in the Apache startup env won't help either). But you're making
your system very complex by doing this.
Find a different way to solve the problem. If it is a problem.
C.
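
The reversible-encryption approach described in the reply above, as an added example that is not part of the original post: the database password is stored only as a blob encrypted under a key derived from a secret that arrives with the request. The function names, the sample values, and the choice of PBKDF2 with AES-256-GCM are assumptions made for illustration (requires PHP 7.1+ with the openssl extension).

```php
<?php
// Added example: wrap the database password with a key derived from a
// secret that is never stored on the server (here, a user's passphrase).
// All names and sample values below are constructed for illustration.

const KDF_ITERATIONS = 600000; // assumption: tune to your hardware

function wrap_db_password(string $dbPassword, string $userSecret): string
{
    $salt = random_bytes(16);
    $iv   = random_bytes(12); // 96-bit nonce for GCM
    $key  = hash_pbkdf2('sha256', $userSecret, $salt, KDF_ITERATIONS, 32, true);
    $tag  = '';
    $ct   = openssl_encrypt($dbPassword, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Salt, nonce and tag are not secret; only the derived key is.
    return base64_encode($salt . $iv . $tag . $ct);
}

function unwrap_db_password(string $blob, string $userSecret): ?string
{
    $raw = base64_decode($blob, true);
    // 16 bytes salt + 12 bytes nonce + 16 bytes tag, then non-empty ciphertext
    if ($raw === false || strlen($raw) <= 44) {
        return null;
    }
    $salt = substr($raw, 0, 16);
    $iv   = substr($raw, 16, 12);
    $tag  = substr($raw, 28, 16);
    $ct   = substr($raw, 44);
    $key  = hash_pbkdf2('sha256', $userSecret, $salt, KDF_ITERATIONS, 32, true);
    // GCM verifies the tag, so a wrong secret or a modified blob yields false.
    $pt   = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Constructed sample values: only $blob would be written to disk.
$blob = wrap_db_password('constructed-db-password', 'constructed user passphrase');
var_dump(unwrap_db_password($blob, 'constructed user passphrase') === 'constructed-db-password');
var_dump(unwrap_db_password($blob, 'wrong passphrase')); // tag check fails
```

The connection can only be opened while a request carrying the passphrase is being handled, which is the added complexity the reply refers to.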