Kevin Murphy wrote:
> Yup, that's got it. It didn't occur to me that it's a MySQL thing.... I'm
> used to doing this as a PHP thing and inserting an already encrypted
> password into MySQL.
> Anyone have any thoughts one way or another as to if this MySQL password
> function is better/worse than doing it all in PHP?

You're becoming reliant on MySQL to do it all, which means it would be a
pain to port this to another database (may or may not be a problem, no
idea).

You're actually sending the password across the wire in plain text in
the SQL query - that is, PHP is sending password('your_password') to the
MySQL server. Not a problem if it's localhost, but if it's a remote db
server there is a possibility of it being captured (sniffer). If you
encode it in PHP, you're sending across the hash
(password='hashed_value_here').

MySQL passwords have changed between versions and may change again.

http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html

Prior to MySQL 4.1, password hashes computed by the PASSWORD() function
are 16 bytes long.

As of MySQL 4.1, the PASSWORD() function has been modified to produce a
longer 41-byte hash value.

The last one is probably the most important one.
--
Postgresql & php tutorials
http://www.designmagick.com/
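
An added example, not part of the original thread: one way to hash in PHP so that only a hash reaches the database through a prepared statement. It goes beyond the thread by also checking existing 41-character PASSWORD() values at login and replacing them. The `users` table, its columns, the function names and the in-memory SQLite database are assumptions for illustration, and `password_hash()` with `PASSWORD_DEFAULT` is a swapped-in technique the thread does not mention.

```php
<?php
// Added example: table, column and function names are hypothetical, and an
// in-memory SQLite database stands in for the real server.

// MySQL 4.1+ PASSWORD() format: '*' + uppercase hex of SHA1(SHA1(pw)), 41 chars.
function mysql41_password(string $pw): string {
    return '*' . strtoupper(sha1(sha1($pw, true)));
}

// Only the hash ever appears in the statement parameters sent to the database.
function set_hash(PDO $db, string $user, string $hash): void {
    $db->prepare('UPDATE users SET pw_hash = ? WHERE name = ?')->execute([$hash, $user]);
}

function login(PDO $db, string $user, string $pw): bool {
    $st = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $st->execute([$user]);
    $stored = $st->fetchColumn();
    if (!is_string($stored)) {
        return false; // unknown user
    }
    if (strlen($stored) === 41 && $stored[0] === '*') {
        // Legacy row written by PASSWORD(): check it, then replace it.
        if (!hash_equals($stored, mysql41_password($pw))) {
            return false;
        }
        set_hash($db, $user, password_hash($pw, PASSWORD_DEFAULT));
        return true;
    }
    if (!password_verify($pw, $stored)) {
        return false;
    }
    // Re-hash when PHP's default algorithm or cost has moved on.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        set_hash($db, $user, password_hash($pw, PASSWORD_DEFAULT));
    }
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
// Constructed sample row holding a legacy PASSWORD()-style value.
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', mysql41_password('correct horse')]);

var_dump(login($db, 'alice', 'wrong guess'));   // wrong password, legacy row
var_dump(login($db, 'alice', 'correct horse')); // right password, row is upgraded
$row = $db->query("SELECT pw_hash FROM users WHERE name = 'alice'")->fetchColumn();
var_dump(strlen($row) !== 41 && password_verify('correct horse', $row));
```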