Wrox Programmer Forums
|
PHP Databases Using PHP in conjunction with databases. PHP questions not specific to databases should be directed to one of the other PHP forums.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the PHP Databases section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old February 9th, 2005, 11:09 AM
Authorized User
 
Join Date: Jul 2004
Posts: 79
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to rajuru Send a message via Yahoo to rajuru
Default Password

I store my password to database after encryption using PASSWORD() function
mysql_query("INSERT INTO 'table' (`id`,`username`,`pass`) VALUES('','".$_POST['username']."',PASSWORD('".$_POST['pass']."'))");

I stored successfully, and by Phpmyadmin, I see that password was encrypted. the password I stored was 123456 and I see it is like 7dc963da69c.... (this encryption password generated by me, not by mysql)

now I want to get back my originial password, i.e. 123456 by mysql_query statement.

Pls. tell how I can get it back

Best Regard:
Md. Zakir Hossain (Raju)
www.rubd.net
www.xenex.rubd.net
www.forum.rubd.net
__________________
Best Regard:
Md. Zakir Hossain (Raju)

www.rajuru.xenexbd.com - my blog with PHP scripts, PHP Book Review and many more
 
Old February 10th, 2005, 12:05 AM
Authorized User
 
Join Date: Dec 2004
Posts: 44
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to colin.horne
Default

Read: http://dev.mysql.com/doc/mysql/en/en...functions.html

Quotes:

"PASSWORD() encryption is one-way (not reversible)."

"The PASSWORD() function is used by the authentication system in MySQL Server, you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your application."

Basically, always _hash_ passwords, instead of encrypt them. That means that it's impossible to find the original value of the password (yes, you can find other plain texts that give the same hash, but there's no guarantee that it's the original password (although apparently 2 plaintexts giving the same hash is _extremely_ rare)).

Hope this helps

Cheers
--Colin

--
Please contact me at:
Colin (dot) Horne (at) gmail (dot) com
My blog: http://colinhorne.blogspot.com





Similar Threads
Thread Thread Starter Forum Replies Last Post
Log in And password ashik112 Classic ASP Basics 2 February 25th, 2007 07:38 PM
using password in Acces Vince_421 Access VBA 8 February 6th, 2007 08:06 AM
password encryption angshujit ASP.NET 2.0 Basics 1 January 4th, 2007 03:34 PM
username and password abhi_loveu2002 ASP.NET 2.0 Basics 1 December 14th, 2006 05:25 AM
Need help password encrypt flyfish SQL Server 2000 9 July 12th, 2005 01:23 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.