Gael Lams,

The problem is, MD5 is non-reversible. Any encryption you use that is non reversible... obviously cannot be reversed, right? If it can't be reversed, that's what you have to send for the connection - and anyone sending that will get through just fine.

Here, let me explain. If you were to store the password MD5'd, say in $password, you would have to pass that (the md5'd version) to mysql_connect(). If you can pass it to that function, anyone can... and so the encryption doesn't help anyone (except that the password is longer.)

Generally, the solution would be a challenge login, but even then the client needs to know the clear text password, and so it needs to be saved somewhere.

There is one solution to this: certificates, but that's still by machine. See the documentatation for more information:


-------- Original Message --------

Hi all

I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find only threads explaining how to have password
saved in md5 inside a mysql table which is not I would
like to do



        function SQLConnect()
                $server_name = 'localhost';
                $db_name = 'cmsdb';
                $user_name = 'user';
                $password = 'clearpassword';

                if (!$dbconnect =
mysql_connect($server_name, $user_name, $password))
                        echo "Connection failed to the
host 'localhost'.";
                if (!mysql_select_db($db_name))
                        echo "Cannot connect to
database '.$db_name.'";

-- PHP Database Mailing List ( To unsubscribe, visit:

Reply via email to