Gael Lams,

The problem is, MD5 is non-reversible. Any encryption you use that is non reversible... obviously cannot be reversed, right? If it can't be reversed, that's what you have to send for the connection - and anyone sending that will get through just fine.

Here, let me explain. If you were to store the password MD5'd, say in $password, you would have to pass that (the md5'd version) to mysql_connect(). If you can pass it to that function, anyone can... and so the encryption doesn't help anyone (except that the password is longer.)

Generally, the solution would be a challenge login, but even then the client needs to know the clear text password, and so it needs to be saved somewhere.

There is one solution to this: certificates, but that's still by machine. See the documentatation for more information:

http://www.php.net/ref.mysql

-[Unknown]

-------- Original Message --------

Hi all

I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find only threads explaining how to have password
saved in md5 inside a mysql table which is not I would
like to do

Regards,

GaŽl

        function SQLConnect()
        {
                $server_name = 'localhost';
                $db_name = 'cmsdb';
                $user_name = 'user';
                $password = 'clearpassword';

                if (!$dbconnect =
mysql_connect($server_name, $user_name, $password))
                {
                        echo "Connection failed to the
host 'localhost'.";
                        exit;
                }
                if (!mysql_select_db($db_name))
                {
                        echo "Cannot connect to
database '.$db_name.'";
                        exit;
                }
        }

-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to