On Tue, 2003-02-11 at 15:39, Curtis Maurand wrote:
>
> The manual suggests that the password function is really for intenal mysql
> functions. Ideally you should use the encode or md5_encode functions.
>
> update user set password=encode('password', 'salt') where user =
> 'your_user';
>
Unless manual does not say, what method is used for encode(), I would
prefer MD5() which is known to be good enough.
I remember something about "encode" from source code. If I remember
properly it was "home-made" algorithm and home-made algorithms are
always known to be "keep-away" algorithms.=20
If you need security, always hire expert to analyze your needs and
suggest exact ways to improve it. Even smaller mistake can void all
efforts to secure something. Most security problems I have seen are
results of doing security without knowing about topic. Often they lead
to headlines as it was in CNN few months ago: "hackers stoled credit
reports of 15000 people".
Use MD5() or SHA1() for one-way hashing where result never needs to be
decrypted (usually passwords)
Use DES_ENCRYPT() for encrypting data if you want to decrypt it at some
point.
Surely do not use PASSWORD() anywhere.
Tõnu
sql
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
