As everybody has said, it is not a best security practice to decrypt
passwords if the user forgets them. You should not provide ways for hackers
to decrypt such passwords in the event of a security incident.
You better allow users to reset their passwords after providing evidence of
her/his auth
On Wed, Feb 27, 2008 at 1:52 AM, Nasreen Laghari
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is
> a one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user
generate a new password and email that to the user
bastien
> Date: Tue, 26 Feb 2008 22:52:01 -0800
> From: [EMAIL PROTECTED]
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password Reset
>
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a
> one-way Hash so
Nasreen Laghari wrote:
Hi,
I have encrypted password in database and I encrypted using MD5(). As it is a
one-way Hash so I can't get password back to original text !!!
What encrypting technique I used to encrypt password so if user forget, I can
decrypt password and email it.
Don't worry ab
Don't. Re-generate a randomized password and force the user to reset it
upon first login. Only allow the user to do this if they answer a security
question successfully. It's how many online entities will perform password
recovery.
Thanks,
Chris
On 2/26/08 10:52 PM, "Nasreen Laghari" <[EM
On Feb 16, 2008 10:17 PM, Nasreen Laghari <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values
> ('$username',Password('$pass'));";
It's a one-way encryption method, s
Nasreen Laghari wrote:
> Hi,
>
> I'm junior in PHP and stuck on Encryption.
>
> I have encrypted password using SQL :
>
> $query = "insert into user (userid,password,) values
> ('$username',Password('$pass'));";
>
> Which is working perfect. Now I'm working on Login page where I have to
Hi,
Note from the manual:
PASSWORD() encryption is one-way (not reversible).
Also note:
===
Note
The PASSWORD() function is used by the authentication system in
MySQL Server; you should not use it in your own applications.
For that pu
type=password
bastien
From: "Ron Piggott" <[EMAIL PROTECTED]>
Reply-To: "Ron Piggott" <[EMAIL PROTECTED]>
To: "PHP DB"
Subject: [PHP-DB] Password field in a web form
Date: Sat, 17 Sep 2005 19:20:49 -0500
How do you make *'s come up on the screen in a password field instead of
what the user i
this is not a php question..
simply set.. type="password" instead your type="text"
~viraj
On 9/18/05, Ron Piggott <[EMAIL PROTECTED]> wrote:
> How do you make *'s come up on the screen in a password field instead of
> what the user is actually typing in?
>
>
>
>
> --
> PHP Database Mailing
On Monday 28 February 2005 19:33, Simon Rees wrote:
> You said in that post: "Set default MySQL user and password in your
> virtual host container. Then connect to MySQL without specifying user
> and password."
>
> Presumably the file which contains the virtual host directive is
> readable by the
On Monday 28 February 2005 10:52, Jason Wong wrote:
>
> If you don't need the flexibility of the custom program and would rather
> make use of existing infrastructure:
>
> http://marc.theaimsgroup.com/?l=php-general&m=110137778213700&w=2
You said in that post: "Set default MySQL user and password i
On Monday 28 February 2005 18:44, Simon Rees wrote:
> On Sunday 27 February 2005 20:53, Micah Stevens wrote:
> > I think about as safe as you can get is by putting the connection
> > data out of the served directory, somewhere that's not directly
> > accessible, and concentrate on system integrity.
On Sunday 27 February 2005 20:53, Micah Stevens wrote:
> I think about as safe as you can get is by putting the connection data
> out of the served directory, somewhere that's not directly accessible,
> and concentrate on system integrity. (security wise)
A refinement of this technique is availab
>
> The original question was concerning that if someone somehow had access to
> the file which stored the connections details then they would be able to
> use it to connect to the mysql server. Now if someone somehow had access
> to your key then it's game over for you. Unless you password prot
On Sunday 27 February 2005 07:11, Micah Stevens wrote:
> Well, yes, but as my key is never transmitted from client to server,
> it's safer. ;)
>
> I encrypt a connect request with my private key, which can be
> unencrypted by the public key, but the server knows it's me because
> only the privat
Well, yes, but as my key is never transmitted from client to server, it's
safer. ;)
I encrypt a connect request with my private key, which can be unencrypted
by the public key, but the server knows it's me because only the private key
can make the encryption. The message is sent over the ne
On Saturday 26 February 2005 04:16, Micah Stevens wrote:
> I was just thinking that a better way to do this is with a
> public/private key set. Then it would be secure, but as someone else
> mentioned, you'd have to patch the source to make it work.
How would it be safer? Correct me if I'm wrong:
.
>
> Good luck,
>
> Bob Sherer
>
> -Original Message-
> From: Jon-Eirik Pettersen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 24, 2005 10:54 AM
> To: Gael Lams
> Cc: php-db@lists.php.net
> Subject: Re: [PHP-DB] password in md5 to connect to mysql
y, February 24, 2005 10:54 AM
To: Gael Lams
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] password in md5 to connect to mysql instead of
clear password
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I use the classic following rows
[never made it to list, no idea why - been 26 hours - resending.]
[ may have been since it had reply-to field before to - funny...]
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder wheth
I was just thinking that a better way to do this is with a public/private key
set. Then it would be secure, but as someone else mentioned, you'd have to
patch the source to make it work.
-Micah
On Friday 25 February 2005 07:29 am, Robby Russell wrote:
> On Thu, 2005-02-24 at 02:37 -0800, Ga
On Thu, 2005-02-24 at 02:37 -0800, Gael Lams wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $passsword in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone reading the file could
> not use
Not answering your question but I'd put the connect info into a separate
include file. This should then be placed in a directory that can be
accessed by the Web Server but not by any other user (except root). Then
when you need to establish a connection you just need to include the file.
graeme
Nope, the login function uses cleartext. Put your connect function in a
separate file in a secure directory, and include() it to make the connection.
That seems to be the way to do it, someone else may have a better idea.
-Micah
On Thursday 24 February 2005 02:37 am, Gael Lams wrote:
> Hi al
Gael Lams wrote:
Hi all
I use the classic following rows to connect to a mysql
database. I always put $passsword in clear in the php
connection file and I wonder whether there is a way to
have it in md5 so that someone reading the file could
not use it to connect to the db. I googled a bit but
find
On Thu, 24 Feb 2005 02:37:01 -0800 (PST), Gael Lams <[EMAIL PROTECTED]> wrote:
> Hi all
>
> I use the classic following rows to connect to a mysql
> database. I always put $passsword in clear in the php
> connection file and I wonder whether there is a way to
> have it in md5 so that someone readi
To: Han <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: [PHP-DB] password encryption
Date: Fri, 19 Nov 2004 07:21:53 -0500
Han,
You can try installing mcrypt, it gives you encryption/decryption
capabilities in PHP. It's fairly easy to install if you're running a
Windows syste
_user" <[EMAIL PROTECTED]>
To: "Han" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, November 19, 2004 12:21 PM
Subject: Re: [PHP-DB] password encryption
Han,
You can try installing mcrypt, it gives you encryption/decryption
capabilities in PHP. It's fairly
Han,
You can try installing mcrypt, it gives you encryption/decryption
capabilities in PHP. It's fairly easy to install if you're running a
Windows system; I think you have to recompile php if you're on a Linux
system, and I have never been able to successfully do that. You might
look into it t
-Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 18, 2004 12:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] password encryption
>
>
> Quoting "Gryffyn, Trevor" <[EMAIL PROTECTED]>:
>
> > If yo
Quoting "Gryffyn, Trevor" <[EMAIL PROTECTED]>:
> If you want to be cheesy, you can also use something like an MD5 hash on
> "dog" and get whatever it gets. Then every time someone enters "dog"
> it always ends up with the same MD5 hash.
How is using MD5 cheesy? I've implemented exactly that so
You can use PHP to handle the auth headers and all:
http://www.php.net/manual/en/features.http-auth.php
That might give you more flexibility than trying to dynamically set it
on the .htpassword and such.
There are a couple of ways to encrypt something. You can do it in a way
that can be decry
Sent: Thursday, June 10, 2004 10:13 a.m.
To: Miguel Guirao
CC: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] password () function.
> Is this function, password() available at PHP under Windows?
>
> I get an undefined function error message!
There is no PASSWORD() function in PHP. There
Is this function, password() available at PHP under Windows?
I get an undefined function error message!
There is no PASSWORD() function in PHP. There is, however, a PASSWORD()
function in MySQL and other database applications.
Larry
PS It looks like you hijacked someone else's thread, which you
the onlooker
From: matthew perry <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [PHP-DB] password input type
Date: Mon, 05 Apr 2004 13:14:17 -0500
Does using a password input type
make the transfer more secure from someone "sniffing" my connection or does
it only shield an onlooker from se
It is possible to md5 encrypt a password before you send it off to the
server using javascript onSubmit function. Check this code out:
http://pajhome.org.uk/crypt/md5/
-Jeff Moss
- Original Message -
From: "matthew perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 05
I'm pretty sure it just shields the "on looker" from viewing.
View source in the browser still shows what the VALUE is, if any.
> Does using a password input type
> make the transfer more secure from someone "sniffing" my connection or
> does it only shield an onlooker from seeing what the user e
It's presentation layer only - the data is not encrypted during transfer.
Rich
> -Original Message-
> From: matthew perry [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 05, 2004 2:14 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DB] password input type
>
>
> Does using a password input ty
It is a string function that returns a 32-character md5 hash of "password." MD5 is
the name for a current RSA Message Digest Algorithm encryption method.
A search in the manual for md5 gets you to the little bit of information in the manual
plus a link to RFC 1321 which likely provides more inf
On Thu, 04 Mar 2004 12:46:51 -0600, Mignon Hunter wrote:
>Can anyone recommend, or does anyone have handy, a script that will encrypt passwords
>AND then also be able to retrieve the encrypted password.
>
>Checking out the docs and some books has confused me mostly.
>
>Thx
>
Yes and no.
$pw =
Hadi wrote:
Hi, all
please help me in this, I am using MySQL, my column is password varchar(12)
insert into tablepassword values ('',password('def'));
PASSWORD() always returns a result that's 16 characters. So you should
be using a VARCHAR(16) column.
--
---John Holmes...
Amazon Wishlist: www.
Thanx you all guys, great tools indeed!
- Original Message -
From: "Roger Spears" <[EMAIL PROTECTED]>
To: "php database" <[EMAIL PROTECTED]>
Sent: Wednesday, December 10, 2003 6:33 PM
Subject: Re: [PHP-DB] password generator
> Here's one I
Here's one I've used recently with success
http://www.devhood.com/tools/tool_details.aspx?tool_id=784
Thanks,
Roger
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi
HTH
Peter
---
Excellence in internet and open source software
---
Sunmaia
Birmingham
UK
www.sunmaia.net
tel. 0121-242-1473
International +44-121-242-1473
---
> a simple way would be to :
$pass = $allowable_characters[mt_rand(0,$ps_len-5)];
for($i = 0; $i < ($length -2); $i++) {
    $pass .= $allowable_characters[mt_rand(0,$ps_len-1)];
}
$pass .= $allowable_characters[mt_rand(0,$ps_len-5)];
// This variable contains the list of allo
Shelly,
Retrieve a decrypted password for display? Can't do it, MySQL's password()
function is one way. Check this page of the MySQL docs:
http://www.mysql.com/doc/M/i/Miscellaneous_functions.html
You can display the password as encrypted by that function.
PHP doesn't have a password() funct
post your code
-Original Message-
From: James Kupernik [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 8:23 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] password problem
I'm creating this form where the person needs to enter a password to move
on. When they enter the password
I think you both (Jeff and Jon) misunderstood what I meant... Of course, I
probably didn't explain very well either :-)
I will describe the process again and then address each of your concerns...
- Create a form named lostpass.php or something similar. This form should
take the user's email ad
Don't let them change it to whatever they want - have your program/system
create a new, random password and e-mail it to the user's account. Unless
the malicious person has a way to intercept the e-mail - which is possible -
it's kind of useless. But how else are you going to get that information
I like the new password idea. How do I make sure it's them who's creating
a new password so that someone else doesn't maliciously change their
password? If someone knew someone's username and e-mail address
I would think they could change it. Thanks.
Jeff
> This doesn't seem to solve his problem
Ugh, need to proof-read... Let me repost:
Jeff,
In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash. Unfortunately, this is a one-way street. What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to c
Jeff,
In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash. Unfortunately, this is a one-way street. What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to change it.
To do this, you would need to hav
This doesn't seem to solve his problem of encryption, however. If you really
want secure encryption, you'll be using one-way encryption, which means it
cannot be decoded/decrypted/unencrypted/whatever. If you want to use this
method, then instead of sending them their password, it would be best to
Sorry it should have read:
if ($check != 0) {
    echo "this username already exists, select another.";
}
else {
    echo "continue!";
}
Cheers.
Russ
On Fri, 31 Aug 2001 17:43:59 +0100 (GMT Daylight Time) Russ Michell
<[EMAIL PROTECTED]> wrote:
> Have a registration scre
Have a registration screen that inserts their names, email etc *and* their choice of
username +
password:
$sql = "INSERT INTO (username,realname,password,email) VALUES
('$username','$realname',password('$password'),'$email')";
$result = mysql_query($sql,$connect);
//and do a check if the user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Is there a way to encode a string in PHP exactly like MySQL does it
> in its PASSWORD() Function?
>
> Reason being Is I have a table with PASSWORD() encoded fields
> that I need to
> compare from PHP.
just include PASSWORD() in your query ie.
Thanks Alexey,
I have set the passwd for the root user,but now how do i set
the passwd for other users.
Another Q ,Can I have a passwd for each table created
-Thanks
Sharmad
On Tue, Jul 17, 2001 at 11:10:31AM +0400, Alexey Borzov wrote:
> Greetings, Sharmad!
>
> At 17.07.2001, 08
Greetings, Sharmad!
At 17.07.2001, 08:27, you wrote:
SN> Hi,
SN> Can anyone tell me how to protect my database or else how can i set my
password in postgres for every database.
Can you be more specific?
If your problem is that anyone can connect to any DB on local box
(which is th
Hey Lisa,
it's very simple. You were on the right way!
The reason that you got the error 'header already sent': you did NOT use
header at the top of your script! There were some bytes sent to the client!
So your header only can be sent if the client did not receive some data!!!
Below an exampl
I ALWAYS use this set of scripts because they don't have to integrate into your pages.
They are a front end check that you just add one line to the top of all your pages
you want to secure. The check runs and if they have clearance, THEN your page
displays. Very easy to use and customize. yo
At 22.06.2001 11:23, you wrote:
>I tried but to no avail, I was trying to
>send the header to redirect if the password in the input box matches the
>database password but it kept saying that the header was already sent.. I
>tried Javascript as well, doing a location.href = "URL" within the "if"
>s
// USED FOR AUTHENTICATION
function authenticate_user(){
Header("WWW-Authenticate: Basic realm=\"[EMAIL PROTECTED]\"");
Header("HTTP/1.0 401 Unauthorized");
echo "You are not authorized to enter this section of the site!\n";
exit;
}
if(!is
Yes, that will work, just a) make sure that the password column in your
database is 32 chars exactly [varchar(32) or something, as md5 hashes
are 32 chars in length], and b) in the sql code you don't want to say
WHERE user = '$md5($pass)', rather, WHERE user = 'md5($pass)', or else
it will treat $
65 matches