Re: Secure MySQL Access md5()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Passwords in the mysql.users table must be encrypted using MySQL's native PASSWORD() function, not MD5(). With newer versions of MySQL, I think there is some change in this, but AFAIK for 4.0.18 this is still true.

When connecting to the database you always use the plaintext password, and MySQL will do the encrypting (using PASSWORD()) and check it against what is in the row of the users table.

HTH,
Hans

Gary Theisen wrote:

Hi all,
I've got:
WinNT
php 4.3.1
phpmyadmin 2.5.6
MySQL 4.0.18-nt
I can connect to my db via my php script using:
[php]
$connection = mysql_connect ("localhost", "root", "")
[/php]
That works no problem.
This will not work however:
[php]
$somePass = md5("somePass");
$connection = mysql_connect ("localhost", "someID", $somePass)
[/php]
gives me this error:
[quote]
Access denied for user: 'someID@localhost' <mailto:'someID@localhost'>
(Using password: YES)
[/quote]
I set someID up in the db using phpmyadmin, with it's password using the
md5() function. I can see via phpmyadmin that someID does indeed have a 32
byte encrypted password stored.
I can then compare the stored md5 password to the md5 password I'm passing
to try to connect...via $somePass. The encrypted passwords match exactly.
Why wouldn't the match be confirmed...allowing me to connect?
Thanks!



-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux