FAQ
I'm writing a small perl script that will help web users manage an
"account" (i.e. their record in a mysql table). I want to store their
password in a field, but I don't want to store it in regular text. I'm
not sure if this is a perl or MySQL function, but I think there is some
method of "encrypting" the password in the field.

Has anyone done that before? Any help appreciated!

Thanks,

Rory

Search Discussions

  • Luke Davison at Apr 9, 2002 at 4:44 am
    Rory,

    I would recommend using MySQL's buit in password() function:

    INSERT INTO user ( username,password ) VALUES ( 'someuser', password(
    'plaintextpasshere' ) );
    SELECT ( username, password ) FROM user WHERE username='someuser' AND
    password=password( 'plaintextpass' );

    Regards,
    Luke Davison

    ----- Original Message -----
    From: "rory oconnor" <midget@elaris.com>
    To: "perl" <beginners@perl.org>
    Sent: Monday, April 08, 2002 9:08 PM
    Subject: Password Encryption for MySQL field

    I'm writing a small perl script that will help web users manage an
    "account" (i.e. their record in a mysql table). I want to store their
    password in a field, but I don't want to store it in regular text. I'm
    not sure if this is a perl or MySQL function, but I think there is some
    method of "encrypting" the password in the field.

    Has anyone done that before? Any help appreciated!

    Thanks,

    Rory


    --
    To unsubscribe, e-mail: beginners-unsubscribe@perl.org
    For additional commands, e-mail: beginners-help@perl.org
  • Rory oconnor at Apr 14, 2002 at 7:32 am
    OK, this is neat, but I can't seem to get it to wrok correctly. I can
    insert it just fine (i see the encrypted password in the field), but
    when I try to select it using the plain text password I can't.

    (using perl) for inserting:

    $insert_user = "insert into $table (email,password,date) VALUES
    (\"$email\",password( '$password '))";

    for selecting:

    $select_record = "select customer_id,email,password from $table where
    bill_email =\"$email\" AND password=password( '$password' )";

    am i doing something wrong?

    thanks!

    rory
    On Mon, 2002-04-08 at 23:43, Luke Davison wrote:
    Rory,

    I would recommend using MySQL's buit in password() function:

    INSERT INTO user ( username,password ) VALUES ( 'someuser', password(
    'plaintextpasshere' ) );
    SELECT ( username, password ) FROM user WHERE username='someuser' AND
    password=password( 'plaintextpass' );

    Regards,
    Luke Davison

    ----- Original Message -----
    From: "rory oconnor" <midget@elaris.com>
    To: "perl" <beginners@perl.org>
    Sent: Monday, April 08, 2002 9:08 PM
    Subject: Password Encryption for MySQL field

    I'm writing a small perl script that will help web users manage an
    "account" (i.e. their record in a mysql table). I want to store their
    password in a field, but I don't want to store it in regular text. I'm
    not sure if this is a perl or MySQL function, but I think there is some
    method of "encrypting" the password in the field.

    Has anyone done that before? Any help appreciated!

    Thanks,

    Rory


    --
    To unsubscribe, e-mail: beginners-unsubscribe@perl.org
    For additional commands, e-mail: beginners-help@perl.org

    --
    To unsubscribe, e-mail: beginners-unsubscribe@perl.org
    For additional commands, e-mail: beginners-help@perl.org
  • Ron at Apr 9, 2002 at 6:24 am
    This is my two-bits on your question. I hope this helps.

    Ex: ENCODE('str', 'password') str is the string of the chosen password and
    password is the mySQL encryption password for encoding/decoding the password
    string.

    ENCODES returns a binary string and may be decoded with DECODE(). You
    should use BLOB for the column since this result is binary.

    # Connect to the database through DBI (insert data to temporary table)
    $dbh = DBI->connect("DBI:mysql:HOST", "DB", 'DB_PASSWORD');
    $cursor_insert = $dbh->prepare("insert into table_name ('$username',
    ENCODE(str, password))");
    $cursor_insert->execute;



    # Connect to the database through DBI
    $dbh = DBI->connect("DBI:mysql:HOST", "DB", 'DB_PASSWORD');
    $cursor_select = $dbh->prepare("select username, DECODE(str, password)");
    $cursor_select->execute;

    Ron
    =================================================
    "Rory Oconnor" <midget@elaris.com> wrote in message
    news:1018325311.4548.184.camel@orthanc.thewhiteroom.com...
    I'm writing a small perl script that will help web users manage an
    "account" (i.e. their record in a mysql table). I want to store their
    password in a field, but I don't want to store it in regular text. I'm
    not sure if this is a perl or MySQL function, but I think there is some
    method of "encrypting" the password in the field.

    Has anyone done that before? Any help appreciated!

    Thanks,

    Rory
  • Ron at Apr 10, 2002 at 5:15 am
    Ooops! Correction:

    Incorrect -- connect("DBI:mysql:HOST", "DB", 'DB_PASSWORD');
    Should be -- connect( "dbi:mysql:dbname", "username", 'DBpassword');

    Ron
    =======================================
    "Ron" <ron@shadowdezign.com> wrote in message
    news:20020409062431.6560.qmail@onion.perl.org...
    This is my two-bits on your question. I hope this helps.

    Ex: ENCODE('str', 'password') str is the string of the chosen password and
    password is the mySQL encryption password for encoding/decoding the password
    string.

    ENCODES returns a binary string and may be decoded with DECODE(). You
    should use BLOB for the column since this result is binary.

    # Connect to the database through DBI (insert data to temporary table)
    $dbh = DBI->connect("DBI:mysql:HOST", "DB", 'DB_PASSWORD');
    $cursor_insert = $dbh->prepare("insert into table_name ('$username',
    ENCODE(str, password))");
    $cursor_insert->execute;



    # Connect to the database through DBI
    $dbh = DBI->connect("DBI:mysql:HOST", "DB", 'DB_PASSWORD');
    $cursor_select = $dbh->prepare("select username, DECODE(str, password)");
    $cursor_select->execute;

    Ron
    =================================================
    "Rory Oconnor" <midget@elaris.com> wrote in message
    news:1018325311.4548.184.camel@orthanc.thewhiteroom.com...
    I'm writing a small perl script that will help web users manage an
    "account" (i.e. their record in a mysql table). I want to store their
    password in a field, but I don't want to store it in regular text. I'm
    not sure if this is a perl or MySQL function, but I think there is some
    method of "encrypting" the password in the field.

    Has anyone done that before? Any help appreciated!

    Thanks,

    Rory

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupbeginners @
categoriesperl
postedApr 9, '02 at 4:08a
activeApr 14, '02 at 7:32a
posts5
users3
websiteperl.org

3 users in discussion

Rory oconnor: 2 posts Ron: 2 posts Luke Davison: 1 post

People

Translate

site design / logo © 2021 Grokbase