RE: [PHP] Format of Encrypted Password

Wed, 06 Sep 2006 09:00:55 -0700 

hi kevin...

if you already received an answer to this email, feel free to disregard.

the "password" that you're questioning is from mysql.
---------------------------------------------------
[EMAIL PROTECTED] test]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.1.20-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> help password
Name: 'PASSWORD'
Description:
Syntax:
PASSWORD(str)

Calculates and returns a password string from the plaintext password
str and returns a binary string, or NULL if the argument was NULL. This
is the function that is used for encrypting MySQL passwords for storage
in the Password column of the user grant table.
Examples:
mysql> SELECT PASSWORD('badpwd');
        -> '7f84554057dd964b'

-------------------------------------------------

hope this clarifies/helps!


-----Original Message-----
From: Kevin Murphy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 05, 2006 4:53 PM
To: PHP
Subject: Re: [PHP] Format of Encrypted Password


The only thing I can find anywhere in the code is this:

$auth_user = $_SERVER['PHP_AUTH_USER'];
$auth_pw = $_SERVER['PHP_AUTH_PW'];     
$query = "select name from table where name = '$authuser' and  
password = password('$auth_pw')";

I've never seen that password('$auth_pw') part before. Is that a  
mysql part that I am not familiar with and that I should know? I've  
been known to miss obvious stuff before.....

-- 
Kevin Murphy
Webmaster: Information and Marketing Services
Western Nevada Community College
www.wncc.edu
775-445-3326


On Sep 5, 2006, at 4:25 PM, Chris W. Parker wrote:

> Kevin Murphy <mailto:[EMAIL PROTECTED]>
>     on Tuesday, September 05, 2006 3:27 PM said:
>
>> The passwords are called in the application by:
>>
>> $_SERVER['PHP_AUTH_PW']
>
>> Is there any way to tell how these passwords were encrypted?
>
> Have you tried searching the entire codebase for that string? Might  
> get
> you some clues.
>
> From the commandline (and at the root of the codebase):
>
> # grep -R PHP_AUTH_PW *
>
>
>
> Chris.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to