Just want to add a few more things here that might spark your brain cells. All in all I agree with the suggestions presented.
Use an encrypt function in your code, for something simple I've created a very basic encryption function in perl using Crypt::Blowfish modules and then I have control of the key to encrypt and decrypt it. Then you can process your request over SSL (if possible) just run the script over https if supported and then store the encrypted value in the database as a string. I think you can even run SSL on MySQL so that you can secure your connections further especially if you're replication your database etc. The MD5() function in PHP might also do the trick for you. http://www.php.net/manual/en/function.md5.php Good luck JM Gregory Junker wrote: > and it's all-around better to encrypt the password BEFORE you transmit > it over an unsecure connection, or even between processes on a > potentially unsecure machine. This means using, for example, the MD5() > function in PHP... > > > -----Original Message----- > > From: Matthew Smith [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, April 18, 2002 1:51 AM > > To: mysql > > Subject: Re: Encrpt/Decrypt > > > > > > > > > > Manish Mehta wrote: > > > > > Hi > > > > > > I can Encrypt password in mysql using password() command. > > what is the way > > > to decrypt the password. > > > > > > Manish > > > > > > > Hi Manish / All > > > > > > Somebody correct me if I'm wrong, but I think that what happens is > > what's called one-way encryption. This is how stuff is done in the > > world of Unix (and its clones) and others. > > > > > > Authentication is done by taking the password provided, > > encrypting it, then comparing against the encrypted key in > > the database. > > > > > > Cheers > > > > > > M > > > > -- > > Matthew Smith | _ ASCII Ribbon Campaign > > IT Consultant | ( ) - No HTML/RTF in e-mail > > Kadina, South Australia | X - No Microsoft docs in e-mail > > http://www.kbc.net.au | / \ - No vCards > > Ph: +61 888 212 395 | > > > > > > --------------------------------------------------------------------- > > Before posting, please check: > > http://www.mysql.com/manual.php (the manual) > > http://lists.mysql.com/ (the list archive) > > > > To request this thread, e-mail <[EMAIL PROTECTED]> > > To unsubscribe, e-mail > > <[EMAIL PROTECTED]> > > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php > > > > > > --------------------------------------------------------------------- > Before posting, please check: > http://www.mysql.com/manual.php (the manual) > http://lists.mysql.com/ (the list archive) > > To request this thread, e-mail <[EMAIL PROTECTED]> > To unsubscribe, e-mail <[EMAIL PROTECTED]> > Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
