Hmm, I can't aggree with having two password columns, one raw password and
another is encrypted. It just doesn't make any sence. Why do you need to
encrypt the password in that case, don't you still have the original
password in yoru database? It just defeats the whole purpose of
authentication. So don't do that. Keep one password, in encrypted form,
that's it.
William R. Mussatto wrote:
mussat: On Wed, 19 Dec 2001, Matt Wagner wrote:
mussat:
mussat: > Date: Wed, 19 Dec 2001 13:51:30 -0600 (CST)
mussat: > From: Matt Wagner <[EMAIL PROTECTED]>
mussat: > To: Zach Curtis <[EMAIL PROTECTED]>
mussat: > Cc: [EMAIL PROTECTED]
mussat: > Subject: Re: Decrypting PASSWORD() from MySQL
mussat: >
mussat: > Zach Curtis writes:
mussat: > > I have a form for a user to request their forgotten username and
password by
mussat: > > entering their email address. I then process this using PHP and use
mail()
mussat: > > to send them their username and password. However, the password is
stored in
mussat: > > an encrypted PASSWORD('password') field in the MySQL table. How can I
mussat: > > retrieve the decrypted password in a SELECT statement?
mussat: >
mussat: > Zach,
mussat: >
mussat: > You cannot do this. PASSWORD() is one-way.
mussat: >
mussat: > What you have to do is have two fields, 'passwd' and 'epasswd', with
mussat: > 'passwd' being clear-text, the other being encrypted (with PASSWORD()
mussat: > or other).
mussat: >
mussat: > If you want to obscure the clear-text field in a decodable fashion,
mussat: > then check out the ENCODE()/DECODE() functions.
mussat: >
mussat: > Note, in MySQL 4.x there will be two new functions,
mussat: > DES_ENCRYPT()/DES_DECRYPT().
mussat: I have read that DES is considered at or approaching the end of its
mussat: useful life and other encryption algorythms are now recommended.
mussat:
mussat: >
mussat: > Matt
mussat: >
mussat: > --
mussat: > For technical support contracts, visit https://order.mysql.com/
mussat: > __ ___ ___ ____ __
mussat: > / |/ /_ __/ __/ __ \/ / Mr. Matt Wagner <[EMAIL PROTECTED]>
mussat: > / /|_/ / // /\ \/ /_/ / /__ MySQL AB, Herr Direktor
mussat: > /_/ /_/\_, /___/\___\_\___/ Hopkins, Minnesota USA
mussat: > <___/ www.mysql.com
mussat: >
mussat: >
mussat: > ---------------------------------------------------------------------
mussat: > Before posting, please check:
mussat: > http://www.mysql.com/manual.php (the manual)
mussat: > http://lists.mysql.com/ (the list archive)
mussat: >
mussat: > To request this thread, e-mail <[EMAIL PROTECTED]>
mussat: > To unsubscribe, e-mail <[EMAIL PROTECTED]>
mussat: > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
mussat: >
mussat:
mussat: Sincerely,
mussat:
mussat: William Mussatto, Senior Systems Engineer
mussat: CyberStrategies, Inc
mussat: ph. 909-920-9154 ext. 27
mussat:
mussat:
mussat: ---------------------------------------------------------------------
mussat: Before posting, please check:
mussat: http://www.mysql.com/manual.php (the manual)
mussat: http://lists.mysql.com/ (the list archive)
mussat:
mussat: To request this thread, e-mail <[EMAIL PROTECTED]>
mussat: To unsubscribe, e-mail
<[EMAIL PROTECTED]>
mussat: Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
mussat:
--
Sherzod Ruzmetov <[EMAIL PROTECTED]>
http://www.UltraCgis.com, Consultant
989.774.6265
01001010010000010101000001001100
+----------------------------------------+
| There is nothing wrong with your tools.|
| But we can make a better one. |
+----------------------------------------+
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
