| Gary Theisen 2004-05-14, 1:30 pm |
| Thanks for the info Hans!
I've got it working now.
-----Original Message-----
From: Hans Lellelid [mailto:hans@velum.net]
Sent: Thursday, May 13, 2004 7:28 PM
To: Gary Theisen
Cc: 'php-db@lists.php.net'
Subject: Re: Secure MySQL Access md5()
Hi,
Passwords in the mysql.users table must be encrypted using MySQL's
native PASSWORD() function, not MD5(). With newer versions of MySQL, I
think there is some change in this, but AFAIK for 4.0.18 this is still true.
When connecting to the database you always use the plaintext password,
and MySQL will do the encrypting (using PASSWORD()) and check it against
what is in the row of the users table.
HTH,
Hans
Gary Theisen wrote:
>
> Hi all,
>
> I've got:
>
> WinNT
> php 4.3.1
> phpmyadmin 2.5.6
> MySQL 4.0.18-nt
>
> I can connect to my db via my php script using:
>
> [php]
> $connection = mysql_connect ("localhost", "root", "")
> [/php]
>
> That works no problem.
>
> This will not work however:
>
> [php]
> $somePass = md5("somePass");
> $connection = mysql_connect ("localhost", "someID", $somePass) [/php]
>
> gives me this error:
>
> [quote]
> Access denied for user: 'someID@localhost' <mailto:'someID@localhost'>
> (Using password: YES) [/quote]
>
> I set someID up in the db using phpmyadmin, with it's password using
> the
> md5() function. I can see via phpmyadmin that someID does indeed have a
32
> byte encrypted password stored.
>
> I can then compare the stored md5 password to the md5 password I'm
> passing to try to connect...via $somePass. The encrypted passwords
> match exactly.
>
> Why wouldn't the match be confirmed...allowing me to connect?
>
> Thanks!
>
|