On Tue, 2003-02-11 at 15:39, Curtis Maurand wrote:
>
> The manual suggests that the password function is really for internal mysql
> functions. Ideally you should use the encode or md5_encode functions.
>
> update user set password=encode('password', 'salt') where user = 'your_user';
>

Unless the manual does not say what method is used for encode(), I would prefer MD5(), which is known to be good enough. I remember something about "encode" from the source code. If I remember properly, it was a "home-made" algorithm, and home-made algorithms are always known to be "keep-away" algorithms.

If you need security, always hire an expert to analyze your needs and suggest exact ways to improve it. Even a small mistake can void all efforts to secure something. Most security problems I have seen are the results of doing security without knowing about the topic. Often they lead to headlines, as it was on CNN a few months ago: "hackers stole credit reports of 15000 people".

Use MD5() or SHA1() for one-way hashing where the result never needs to be decrypted (usually passwords).

Use DES_ENCRYPT() for encrypting data if you want to decrypt it at some point.

Surely do not use PASSWORD() anywhere.

Tõnu