Hi,
Mário Gamito wrote:
For obnoxious reasons, I'm running a web site in Windows/ASP.NET/C# that
once a user registers, it inserts in the MySQL qmail server the
username, password, etc.
It's in the password that the problem lies.
I need to hash it just before or after the MySQL INSERT statement.
For that, I have to run a PHP shell script that follows my signature.
There is an encrypt function in MySQL:
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_encrypt
but it is only available on systems which have a system crypt call (not
Windows according to the docs). However if your MySQL database is
running on Linux you should be able to just change the insert statement
in the C# code to something like:
insert into user_details values("username", encrypt("password"), ...);
and not bother with the php script. If the database is on Windows, then
there are other encrytion functions available. There is a User Comment
at the bottom of the above web page (search for "Philip Mather") which
discusses using a trigger to achieve something that sounds similar to
what you want.
There are lots of other options, of course, but my first route would
always be to modify existing code. You might want to be careful,
however, that you aren't breaking any license agreement before going
ahead and modifying anything. If the code is unavailable or protected
then you can just put a trigger on the user_details table in the
database and encrypt the password there.
Hope some of that helps.
Cheers
Adam
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
