Hi! On Feb 04, Jianping Zhu wrote: > > I have mysql in a redhat machine. I need to use mysql do user > authentication to a website. > I have a table like following. > > +----------+----------+ > | username | passwd | > +----------+----------+ > | jianping | jian1830 | > | chichi | jian1830 | > +----------+----------+ > > I want the passwd field not to be plain text but encrypted. how can i do > that? > > Thanks.
As Tonu has pointed out you should NOT use PASSWORD() function. It's is only used to encrypt passwords used in MySQL authentification protocol. Furthermore, it was changed in MySQL 4.1, so you application won't be able to work with MySQL 4.1. Use MD5() or SHA1() functions. SHA1() was added recently, and MD5() is available for a long time already. Also, if you'll have Perl or PHP interface (or, actually, any other custom written interface), it's better to calculate md5() in the application (e.g. it's Digest::MD5 module in perl), like this: use Digest::MD5 qw(md5_hex); $sth->do('INSERT INTO table VALUES("jianping","' . md5_hex('jian1830') . '")'); instead of $sth->do('INSERT INTO table VALUES("jianping",md5("jian1830"))'); so that plain-text passwords won't show up in update or binary logs. Regards, Sergei -- MySQL Development Team __ ___ ___ ____ __ / |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]> / /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/ /_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany <___/ --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php