Quoting Martin Moss <[EMAIL PROTECTED]>: > All, > > I wish to let a user use the same password for them to authenticate to a > multitude of mysql Databases AND to authenticate themselves on my modperl > site. > the problem I have is that I store the password in the database as a > Password field. However when I wish to use DBI to connect to another mysql > database I cannot use the Password stored in the database as it comes out > encrypted. I really don't want to store the unencrypted password anywhere > on the system. Is there a way to let DBI/mysql know that the password I am > giving them is ALREADY encrypted?
A feature like that would defeat the purpose of encrypting the password in the first place. The point of encrypting the password is so that if someone gets their hands on the password list, they can not use the encrypted password to access the system. They would have to crack the passwords first before using them to access the system. By allowing someone to access the system with an already encrypted password, then your passwords might as well not be encrypted at all. Since you are using MySQL, have you looked at using the mysql_read_default_file option to store your password in a config file? Using a DSN like the following allows you to keep the username and password in a config file. Check the DBD::mysql perldocs for more info, and the MySQL docs for all the parameters you can put in such a file. DBI:mysql:test;mysql_read_default_file=/etc/mysql/test.my.conf and in /etc/mysql/test.my.conf [client] user = www password = thebigsecretpassword Then protect the file: chown www /etc/mysql/test.my.conf chmod 400 /etc/mysql/test.my.conf You still have the password in plain text, but it is readable only by root and the user that runs the webserver. You can use this to connect to multiple MySQL servers as long as the access tokens are the same on all servers. Cees
