Gael Lams,
The problem is, MD5 is non-reversible. Any encryption you use that is non reversible... obviously cannot be reversed, right? If it can't be reversed, that's what you have to send for the connection - and anyone sending that will get through just fine.
Here, let me explain. If you were to store the password MD5'd, say in $password, you would have to pass that (the md5'd version) to mysql_connect(). If you can pass it to that function, anyone can... and so the encryption doesn't help anyone (except that the password is longer.)
Generally, the solution would be a challenge login, but even then the client needs to know the clear text password, and so it needs to be saved somewhere.
There is one solution to this: certificates, but that's still by machine. See the documentatation for more information:
http://www.php.net/ref.mysql
-[Unknown]
-------- Original Message --------
Hi all
I use the classic following rows to connect to a mysql database. I always put $passsword in clear in the php connection file and I wonder whether there is a way to have it in md5 so that someone reading the file could not use it to connect to the db. I googled a bit but find only threads explaining how to have password saved in md5 inside a mysql table which is not I would like to do
Regards,
Gaël
function SQLConnect() { $server_name = 'localhost'; $db_name = 'cmsdb'; $user_name = 'user'; $password = 'clearpassword';
if (!$dbconnect = mysql_connect($server_name, $user_name, $password)) { echo "Connection failed to the host 'localhost'."; exit; } if (!mysql_select_db($db_name)) { echo "Cannot connect to database '.$db_name.'"; exit; } }
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
