-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Amos, MD5 insufficient. As minimum, SHA256 with salt. New Oracle RDBMS use SHA to store user's password. And don't forget about SQL Injection and password cracking farms.......... 11.02.15 3:28, Amos Jeffries пишет: > On 11/02/2015 8:17 p.m., Ahmad wrote: >> Thank you amos , I fixed the table thing , but I have new error >> now : >> >> /lib/squid/basic_db_auth --dsn >> "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user >> "squid" --password "squid" --table "passwd" --usercol "user" >> --passwdcol "password" --cond "" --plaintext >> >> ERR unknown login ERR unknown login ERR unknown login ERR unknown >> login ERR unknown login >> >> >> Wt do u think ?? Mysql issue ? > > Input issue. Thats a user:password combination being presented that > does not exist in the table. > > Though it might be mysql interpreting the "password" in queries as > the built-in password() function. I renamed that column to "token" > in my auth DB. > > And like Yuri pointed out a DB of passwords in clear-text is not > the greatest of security. At minimum use salted MD5 for the final > setup. > > Amos _______________________________________________ squid-users > mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU2nwxAAoJENNXIZxhPexGR84H/0A1ZldvWUbknbLPggemiXI7 fGF4B06K1IlgpVcXFZuyrCl9YQWdQfCv2PYbh5bVJuHzao4D146dmom7Ppvh0H4r lcZEHb8ahr69Mzn43iozx5g8uuWJtoLRv3MFg73yR209H08XClJo7cnBYIj/Ije5 CftttAz0c+kxnR2GkyOU2Rp3xkwK1RQdre8BeRSPRYrFww11jqv35QY4O0M2VCQg L5Ljx2s+rBto1Bg79VvV5syyEo3aOMIOXS8nUFqFYboVR4LFrakFk6mKVOI7klvH t+4x/oUG3ZGlMdSbxKEn1w2mP1dpWnrN1d2lKCkQPv2qVmm6gInNPzXr2PAoNAI= =gzYx -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
