Quoting Martin Moss <[EMAIL PROTECTED]>:

> All,
> 
> I wish to let a user use the same password for them to authenticate to a
> multitude of mysql Databases AND to authenticate themselves on my modperl
> site.
> The problem I have is that I store the password in the database as a
> Password field. However when I wish to use DBI to connect to another mysql
> database I cannot use the Password stored in the database as it comes out
> encrypted.  I really don't want to store the unencrypted password anywhere
> on the system. Is there a way to let DBI/mysql know that the password I am
> giving them is ALREADY encrypted?

A feature like that would defeat the purpose of encrypting the password in the
first place.  The point of encrypting the password is so that if someone gets
their hands on the password list, they cannot use the encrypted password to
access the system.  They would have to crack the passwords first before using
them to access the system.

By allowing someone to access the system with an already encrypted password,
then your passwords might as well not be encrypted at all.

Since you are using MySQL, have you looked at using the mysql_read_default_file
option to store your password in a config file?  Using a DSN like the following
allows you to keep the username and password in a config file.  Check the
DBD::mysql perldocs for more info, and the MySQL docs for all the parameters you
can put in such a file.

DBI:mysql:test;mysql_read_default_file=/etc/mysql/test.my.conf

and in /etc/mysql/test.my.conf

[client]
user = www
password = thebigsecretpassword

Then protect the file:

chown www /etc/mysql/test.my.conf
chmod 400 /etc/mysql/test.my.conf

You still have the password in plain text, but it is readable only by root and
the user that runs the webserver.  You can use this to connect to multiple MySQL
servers as long as the access tokens are the same on all servers.

Cees
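
Added example, not part of the message above: a shell check that a defaults file such as /etc/mysql/test.my.conf still has the ownership and mode the chown/chmod step sets, so it can be run before the application connects. The function name check_defaults_file and the choice to pass the expected owner as a numeric uid are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): audit a MySQL client defaults
# file before handing it to mysql_read_default_file.
# check_defaults_file is a hypothetical helper name.
#
# usage: check_defaults_file FILE EXPECTED_UID
# Returns 0 only if FILE is a regular file (not a symlink), is owned by
# EXPECTED_UID, grants nothing to group/other, and has a [client] group.
check_defaults_file() {
    cdf_file=$1
    cdf_uid=$2

    # A symlink could be repointed at a file someone else controls.
    if [ -L "$cdf_file" ] || [ ! -f "$cdf_file" ]; then
        echo "FAIL: $cdf_file is not a regular file" >&2
        return 1
    fi

    # ls -ldn prints e.g. "-r-------- 1 33 33 52 Jan  1 00:00 path"
    cdf_ls=$(ls -ldn "$cdf_file") || return 1
    cdf_mode=$(printf '%s\n' "$cdf_ls" | awk 'NR==1 {print $1}')
    cdf_owner=$(printf '%s\n' "$cdf_ls" | awk 'NR==1 {print $3}')

    if [ "$cdf_owner" != "$cdf_uid" ]; then
        echo "FAIL: owner uid is $cdf_owner, expected $cdf_uid" >&2
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s\n' "$cdf_mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: mode $cdf_mode lets group or other access the file" >&2
        return 1
    fi

    # The post's config keeps user/password under the [client] group.
    if ! grep -q '^\[client\]' "$cdf_file"; then
        echo "FAIL: no [client] group in $cdf_file" >&2
        return 1
    fi
    return 0
}

# Run as: sh check.sh /etc/mysql/test.my.conf "$(id -u www)"
if [ "$#" -eq 2 ]; then
    check_defaults_file "$1" "$2"
fi
```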
