Hi!

On Feb 04, Jianping Zhu wrote:
> 
> I have MySQL on a Red Hat machine. I need to use MySQL to do user
> authentication for a website.
> I have a table like the following.
> 
> +----------+----------+
> | username | passwd   |
> +----------+----------+
> | jianping | jian1830 |
> | chichi   | jian1830 |
> +----------+----------+
> 
> I want the passwd field not to be plain text but encrypted. How can I do
> that?
> 
> Thanks.

As Tonu has pointed out, you should NOT use the PASSWORD() function.
It is only used to encrypt passwords used in the MySQL authentication
protocol. Furthermore, it was changed in MySQL 4.1, so your application
won't be able to work with MySQL 4.1.

Use MD5() or SHA1() functions.
SHA1() was added recently, and MD5() has been available for a long time
already.

Also, if you have a Perl or PHP interface (or, actually, any other
custom written interface), it's better to calculate md5() in the
application (e.g. it's the Digest::MD5 module in Perl), like this:

  use Digest::MD5  qw(md5_hex);
  # $dbh is a connected DBI database handle; do() is a database-handle method
  $dbh->do('INSERT INTO table VALUES("jianping","' . md5_hex('jian1830') . '")');

instead of

  $dbh->do('INSERT INTO table VALUES("jianping",md5("jian1830"))');

so that plain-text passwords won't show up in update or binary logs.
 
Regards,
Sergei

-- 
MySQL Development Team
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__  MySQL AB, http://www.mysql.com/
/_/  /_/\_, /___/\___\_\___/  Osnabrueck, Germany
       <___/
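
Added example, not part of the original message: it runs the two INSERT forms from the reply and records the statement text the database engine receives, which is what an update or binary log would store. Assumptions: an in-memory SQLite database stands in for MySQL, its trace callback stands in for the log, and the `users` table name and helper names are hypothetical.

```python
import hashlib
import sqlite3

PLAINTEXT = "jian1830"  # sample password taken from the message


def md5_hex(text):
    """Hex MD5 digest, the same value Perl's Digest::MD5 md5_hex() returns."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed literals mirroring the two statements in the message.
# md5 is kept to match the message; the logging point holds for any hash.
SERVER_SIDE = "INSERT INTO users VALUES('jianping', md5('%s'))" % PLAINTEXT
CLIENT_SIDE = "INSERT INTO users VALUES('jianping', '%s')" % md5_hex(PLAINTEXT)


def run_and_log(statement):
    """Execute one statement; return (statements the engine saw, stored hash)."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no built-in md5(); register one so the server-side form runs.
    conn.create_function("md5", 1, md5_hex)
    conn.execute("CREATE TABLE users (username TEXT, passwd TEXT)")
    seen = []
    conn.set_trace_callback(seen.append)  # stand-in for the update/binary log
    conn.execute(statement)
    conn.set_trace_callback(None)
    stored = conn.execute("SELECT passwd FROM users").fetchone()[0]
    conn.close()
    return seen, stored


def leaks_plaintext(statements):
    """True if any logged statement contains the plain-text password."""
    return any(PLAINTEXT in s for s in statements)


def compare():
    """Map each approach to (plaintext appeared in log?, value stored)."""
    results = {}
    for label, stmt in (("server-side", SERVER_SIDE), ("client-side", CLIENT_SIDE)):
        seen, stored = run_and_log(stmt)
        results[label] = (leaks_plaintext(seen), stored)
    return results


if __name__ == "__main__":
    for label, (leaked, stored) in compare().items():
        print("%-12s plaintext in log: %-5s stored: %s" % (label, leaked, stored))
```

Both forms store the same digest; only the server-side form puts the plain-text password into the recorded statement text.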
