RE: Format of Encrypted Password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hi kevin...

if you already received an answer to this email, feel free to disregard.

the "password" that you're questioning is from mysql.
---------------------------------------------------
[root@laptop2 test]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.1.20-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> help password
Name: 'PASSWORD'
Description:
Syntax:
PASSWORD(str)

Calculates and returns a password string from the plaintext password
str and returns a binary string, or NULL if the argument was NULL. This
is the function that is used for encrypting MySQL passwords for storage
in the Password column of the user grant table.
Examples:
mysql> SELECT PASSWORD('badpwd');
        -> '7f84554057dd964b'

-------------------------------------------------

hope this clarifies/helps!


-----Original Message-----
From: Kevin Murphy [mailto:php@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, September 05, 2006 4:53 PM
To: PHP
Subject: Re:  Format of Encrypted Password


The only thing I can find anywhere in the code is this:

$auth_user = $_SERVER['PHP_AUTH_USER'];
$auth_pw = $_SERVER['PHP_AUTH_PW'];	
$query = "select name from table where name = '$authuser' and  
password = password('$auth_pw')";

I've never seen that password('$auth_pw') part before. Is that a  
mysql part that I am not familiar with and that I should know? I've  
been known to miss obvious stuff before.....

-- 
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326


On Sep 5, 2006, at 4:25 PM, Chris W. Parker wrote:

> Kevin Murphy <mailto:php@xxxxxxxxxxxxxxxxxx>
>     on Tuesday, September 05, 2006 3:27 PM said:
>
>> The passwords are called in the application by:
>>
>> $_SERVER['PHP_AUTH_PW']
>
>> Is there any way to tell how these passwords were encrypted?
>
> Have you tried searching the entire codebase for that string? Might  
> get
> you some clues.
>
> From the commandline (and at the root of the codebase):
>
> # grep -R PHP_AUTH_PW *
>
>
>
> Chris.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux