Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Mysql Passwords

  • 17-10-2006 3:03pm
    #1
    kat9182
    Closed Accounts Posts: 46


    Does anyone know how I can update an encrypted field?

    Like if I want to "Update LOGIN set password='blahblah' where UserName='penelope'"

    Thanks


Comments

  • #2
    deckie27
    Registered Users, Registered Users 2 Posts: 1,906 ✭✭✭deckie27


    Alot of web apps use MD5 encryption
    There are loads of sites that will convert passwords for you.
    Google it


  • #3
    ceejay
    Registered Users, Registered Users 2 Posts: 456 ✭✭ceejay


    It depends on what exactly you're doing.

    If you are using a table to store your own user names and passwords rather than MySQL's own user access system, then a common approach is to store the hash of the user's password rather than the literal password. There are several hashing functions available in MySQL (depending on the version you are using). You can get full details from the online MySQL manual here. The MD5() function should be available to you whatever the version of MySQL you are using is.

    So, for example, if you have a table with two columns "user" and "password" then you can add a new user thus:

    INSERT INTO LOGIN (user, password) VALUES ('penelope',MD5('blahblah'));

    Then you can check a password passed in is correct in this way:

    SELECT user FROM LOGIN WHERE user = 'penelope' AND password = MD5('somepassword');

    If the password doesn't match you get no results, if it matches you get the record back with the user name.

    To change the password you do this:

    UPDATE LOGIN set password = MD5('newpassword') WHERE user = 'penelope' AND password = MD5('oldpassword');

    The check for the old password is optional, especially if you don't know what it was :)

    You don't have to use the MD5() function, but whatever one you use the key thing is to be consistent. If this is an existing system, check what hashing/encryption is used for validating the passwords and stick with that.

    Also, you should be using an SSL link if you're passing the user and password values from a web form. You may want to look at hashing the password using JavaScript before submitting them over the internet if you can't use SSL. This should make no difference as long as the same hashing function is used when setting the password and then checking it later.

    HTH.

    Ciarán.


Advertisement