SuperbHosting.net have generously
sponsored
dedicated servers to ensure
a reliable and scalable dedicated hosting
solution for BigResource.com.
Login / Password Encryption
i am trying to create a very simple login system. all it does it input user data including a password and then when logging it it compares user name and password entered to find the user id (if exists) and then says you are logged in if a result was found. my problem is no results are ever found.
i have found that no matter what i do the password() function never returns the same value when im trying to select a user id with password=password('$inputedpassword') in the query to look up the user id.
so basically when i register the password is turned into a mess with password(), but wheni log in and use the same password() on it, it gives me something different.
BUT if i register under another user name and then use the same password, password() will give me the same mess (i checked this in the databse).
so i dont know why password() wont do the same thing when im using it in the query in login.php so that i can compare the passwords correctly. the only way i've been able to get this to login is to not encrypt anything. i have tried using md5 but that is giving me this same problem too. Code:
I'm mapping out the basic functionality and front-end for a MySQL/PHP back-end that will be completed by a third party. I'm a novice to MySQL but familiar with PHP and their interaction. Mainly looking for anything to support one method over the other.
Password Encryption (data Type)
When adding a password entry to a database I believe you can encrypt its value using PASSWORD(str) but could someone please confirm what data type I should use for the column in which it is stored?
Password Encryption To Store Passwords
What I'd like to do is have an html login page using php to process the request, and then compare the input strings to a username & password stored in a SQL table.
My question is though, what is the best way to store the password in the mySQL table. Is it better to store it as an encrypted value, and can I do this?
Password Cannot Login
I had problems in one of my user's account, I used phpMyAdmin to edit this user and changed his password. Whatever I change his password, he just cannot login, even very simple password such as "1" can't do the work... When I remove the password, he can login normally. I have checked the password field on the mysql table which is long enough to hold the full encrypted password, although I noticed an asterisk * was put at the beginning of the encrypted password, which was not found on other accounts I had a similar problem before and then I noticed my "username" and "password" field is too short to hold the whole username information, I fixed it by increasing the field length. I don't know why that happens... Migration from non-unicode to unicode database perhaps? Or being hacked in?
Password Login
i have a simple java code for a password login but it only allows one user name and password, do i need mysql to have more users and i also want a registration page.
Login Password Problem
I am running Mac OS X 10.4 (PPC) I have installed MySQL server and have the use account mysql but I have no idea of the password. When the install ran it did not give me the opportunity to set a password and I can not find anywhere that states a default password.
Root Password :: Cannot Login To Mysql
i am new to mysql.i have installed mysql software which is provided with Linux CD .i need to provide password to root.i updated the user table to give password to the root.after restarting the mysqld service , i couldnt enter into mysql .one error message is displaying
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
User Not Needing Password For Login?
I've seen this problem for a while now, but since at the time I only needed 1 MySQL user for development purposes it wasn't a problem. Now, it's problematic.
Btw, I have MySQL 5.0.22 installed.
I created a user using the following command (I've tried this way and using GRANT):
INSERT INTO user VALUES('%','XXXX',PASSWORD('YYYYY'), 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y', '','','','',0,0,0,0);
Now, I see that row in the mysql.user table. I see the encrypted password, BUT when I try to log in to mysql from the command prompt using the user that I just created... it NEVER needs the password (YYYYY) that I set it to in the INSERT.
>> mysql -uXXXX
^ That command takes me straight to the mysql command prompt. I am wanting the command to have to be 'mysql -uXXXX -p'... and then prompt for the password. Am I missing something?
i enter username as <usernametext> ... that is plaintext i enter passwd as sha1(<passwdtext>) so it displays in table encrypted i enter salt as <salttext> .... that is plaintext
Then I exited. But when I want to login again , it cannot authenticate the root I should tell you that a hacker had changed my root password before. Because it was not encrypted before.
SSL Encryption
is it true, that MySQL 4.x can do SSL encrypted connections only with a server AND a client certificate? I've got a working SSL connection if I use both, mysqld and mysql with certificate, key and ca-certificate. How can I use SSL if the mysql client must not have access to the private key? Any help or links to a good documentation is welcome.
AES Encryption
I am working on a small utility that will store journal entries in a mysql database. To ensure that even the database administrator can't read the contents of these entries I need to use some form of encryption. MySQL has some pretty decent AES encryption functions that I plan to use (AES_ENCRYPT() & AES_DECRYPT() ). The "key" for the encryption will be supplied by the user and never stored permanently so this should be pretty secure. The issue I am having is that searching through your journal/note entries is a pretty firm requirement. I am familiar with using full text indexes to make sure searching is speedy and efficient... but with encryption this does not appear to be an option.
Does anyone have any tips for me? I am just getting started with this project and want to know if there are some tricks I can do to make sure the server doesn't slow to a crawl when someone tries to search through 1,000 encrypted journal entries.
Currently I am planning on doing a query that would resemble the following. I have to use simple pattern matching since no fulltext functions work on the BLOB column type required by AES.
SELECT id, date, AES_DECRYPT(content, "user key") as decrypted FROM posts WHERE userhash = "testuser" AND decrypted LIKE "%some pattern%"
I'm not even sure if that is possible or valid syntax... that is just how I am assuming it will have to work. I think this query could at least grab just the user's posts from the "posts" table quickly, but if there were many it looks like it would need to inefficiently decrypt them one at a time and look for the search string.
Is there a more elegant solution that could give me the speed and security I'm looking for? If not, is there anything you can think of that I could do to hide this inefficiency so the server responds to large searches in a reasonable amount of time? Is this even a big deal? If I have like 10-20 concurrent users with 1000 posts each, all editing and searching, would a mid-range little linux box or shared environment be able to handle it without appearing super sluggish?
Encryption / Authentication
I need to find out if it's possible to do two things with mysql. The = first is external authentication, preferably with kerberos5, but PAM = will work as well. Second, encrypting the data stream. Specifically = with jdbc connections.
Looking For Encryption Tool
I have a prospect that needs to collect sensitive personal data via the web for mortgage applications. A certificate & SSL seems to protect the data from the browser to the server, but I need some way to encrypt the data for storage in mysql and (possibly) into a flat file for retrieval by the prospect. I have not been able to find a simple solution for this compatible with BSD and Apache.
Data Encryption
I am using MySQL on a Windows XP system. I was wondering if there is anyway that I could use OpenSSL (I currently have beta 6 on a dev machine) with MySQL on Windows XP?
Encryption On Windows
Can anyone advise whether its possible to use the Encode/Decode functions on Windows (Win2K) platform in Mysql & PHP. A book i'm using says they cannot be used in windows yet i've managed to get my application successfully Encoding a password at the time of using an, 'Insert INTO' qry - its stored ok as a BLOB (field was set-up as a BLOB). Problem is i cannot use the DECODE() to reverese things. When tried i get a 'cannot excecute query' type mssg. Looked at MD5 and SHA1 but they are one-way funcs only. I like the look of AES and DES ENCRYPT/DECRYPT but can't get them to work either.
Securing My DB With Encryption
I have set up two tables in our DB, and we want to add a third, but this one is credit card info, and need to be secured. What's the best way to do it by encryption?
Encryption And Decryption
i need a solution to the following requirement There is a column, for which data should be encrypted in the database, something like password, where the actual data should not be displayed when i say select * from tablename, instead, the encrypted text should be displayed, and that text need to be decrypted again, can anyone please tell me how to do it front end is java
I understand the basics of how it works however i am stumped.
What i am currently trying to do it have a table that contains user information. Now when an authenticated user views this information they are showing all there details in plain text.
Thats fine but what i require is a master key so that if need be the system admin will be able to decrypt any data in the mysql db using there master key.
Is there anyway to do this? either by design or code.
Using AES_ENCRYPT For 256 Bit Encryption
I just started using AES_ENCRYPT to encrypt records in my databases. For the most part, the default 128 bit encryption is fine. But, I would like to use 256 bit for one of my forms. According to the MySQL documentation you can use the function for either 128 or 256 but I don't understand how to get it to do 256.
The documentation says:"Encoding with a 128-bit key length is used, but you can extend it up to 256 bits by modifying the source." - http://dev.mysql.com/doc/refman/4.1/...functions.html
What source do I have to modify to get it to use 256?
Securing The AES Encryption Key Using Windows EFS?
I'm planning on using AES encryption methods which require an encryption key. I don't want to store this key as a string literal within my Java front-end web application because of the security risk associated with reverse engineering the Java .class files and obtaining the AES encryption key.
I was thinking of storing the AES encryption key in a file, and then reading this key from the Java application to use within the AES_ENCRYPT function. The file would be encrypted using Windows Encryption File System (EFS) since I'm deploying on a Windows server.
Benefits I see to this approach are that the AES encryption key is stored separate from the .java application, and the file containing the key is encrypted to everyone except the Windows account that encrypted the file.
The drawbacks are the application needs to have rights to accesss the file, the protection of the key now hinges on the Windows Account used to encrypt the file (if that is compromised then the key could be discovered); also, I need to further research where the private key used to encrypt the file is stored on Windows and how secure that is.
Encryption & Ignoring User
I had set up a database using XAMPP, but I feel this is a simple MySQL issue. After setting up the database, I created a few accounts and tables within phpMyAdmin and all was well. After a while, I decided that I wanted to encrypt the passwords of the user accounts. First, I tried md5() encryption. After doing so, all was well. However, once I shut down MySQL and restarted it, "[Warning] Found invalid password for user: 'Chris@%'; ignoring user"
I decided to change my password back using the "password()" within phpMyAdmin. Later, I had tried doing the same thing with sha1() encryption. All was well until I restarted MySQL, where I would receive the same "ignoring user" issue.
Credit Card Encryption
I am just having my first experience with storing credit card details into a mysql database with php. I am on a ssl server of course and everything works fine but I am interested in any other security recomendations.
Currently CC details are stored directly into the database as they were typed, should I be encrypting the CC details with mcrypt_enrypt() before storing them and then dectypt them when displaying on the "view card details page"?
I can easily decrypt it because the code specifies a Query but the INSERT is an ADODB insert (see below):
PHP
runQuery($db ->GetInsertSQL($rs, $_POST, true));
I need to AES_ENCRYPT one of the $POST fields before it goes into this but I don't see how? Mcrypt is not installed on server so MySQL functions are what I need to use.
Encryption Of User / Pass In Odbc.ini / Alternatives
Does anyone know of a more secure way than storing the username and password to the database connection within the odbc.ini ? We are using PHP on one server connecting to a MySQL 4.0 database ?
Mysql Password() & Unix Crypt Password...
I am creating a user administration system where system administrator can activate services for a user, like webspace, a mail account or a subdomain.
I now want to create a function that creates mysql databases and grant the right privileges to a user. But the problem is that mysql wants to have the plaintext password for the user in the "grant ... identified by 'pwd'" field, or in a manual query to update the password in the mysql.user table with PASSWORD('pwd').
I have another database which holds the passwords for the users, these password are stored the moment a user signs up and are used to activate services, for example ssh access to the machine. The stored passwords are encrypted using crypt(). So for adding a ssh service to a user, I simply do echo "$user:$pwdhash" | chpasswd -e.
I have chosen crypt because some programs (like proftpd) don't take md5 sums.
The problems is that I don't have the plaintext password. So I cannot add a mysql db.
So I need to create a user in mysql with a crypt password. I tried to just "grant all privileges ... identified by 'nothing'" and then afterwards update the mysql.user table and putt the crypt password in there but it doesn't work like that.
Does anyone have any idea on how I could fix this, how can I create a user in mysql without having his plaintext password and only having a crypt hash of it.
I thought about not only storing a crypt hash, but also an md5 hash and a mysql PASSWORD() hash.. but I think that's an ugly solution.
I Can Connect With Db Password Or Blank Password
I have a password setup for root (% and localhost) in Mysql 5.0.26, I can connect ok no problem. I can also connect with blank password! I know it is checking the password cuz it fails if it's wrong.
I'm sure I have only one account as well (tried to delete, recreate, etc... no change) select * from user where user='root'; | localhost | root | *F3AD8B3C44772C17F66767F29D948D9C255BD824 | Y ... | % | root | *F3AD8B3C44772C17F66767F29D948D9C255BD824 | Y ...
Is there an option to accept blank password!? I have this problem only for root user; Other accounts are fine.
CANNOT LOGIN
The database is accessible just fine through PHP and works great. When typing "mysql" inside a putty console I get: "-bash: mysql: command not found"
I used to type "mysql -u user -p -h localhost" to log in just fine. Now mysql is not found?
Login Box
I have a script that uses MySQL and for some reason the first time it loads per session I get the prompt box to login to MySQL? It seems to be a session based but is just weird any ideas what is causing this?
Login
I'm having a problem and I guess it's something wrong with my MySql database. I have a website where users need to register in order to login. Everything was working fine, but recently my webhost had some upgrade and my folder changed from "home2" to "home", but I'm not sure that this is the problem. Now, the new accounts are not created. The register form works fine, and appearently the account is created, but if I click to My Profile the data I completed is not there. Only the password appears but it's not the password I completed in the register form, it's the password from my Database.I also uploaded the website to a different webhost, but when I try to access the homepage, it shows like I'm already logged in, although I didn't and at the profile page, again, only a password... the database password.
Password :: Change Password
I have trixbox 1.2.3 running and in freePBX it told me I need to change the password in mysql. I went into mysqladmin and privileges. I updated the passwords for a2billinguser and root.
Now I am denied from access to mysql and all services that use mysql don't work. How do I restore the default that trixbox used. I have a very large major system here and cannot just blow it away.
Password :: How To Get Root Password
Is there anyway of knowing the root password of a MySQL database?? I know we can change the root password to a new one, but I want the root password of an existing database. Is this possible?
Login Prompt
I have a script that uses MySQL and for some reason the first time it loads per session I get the prompt box to login to MySQL? It seems to be session based but is just weird
Login As Root
Im using a WAMP setup of winXP pro, apache 1.3.31, mySql 4.1.21community-nt, PHP 5.1.6 and phpMyadmin 2.9.0.2 during the install of mysql i set a root password and after setup i created a new user using a 'grant all' statement in the client console. what i want to do is completely remove the root account and use the new superuser account i created. But - i cannot login with the new account; only as root with the root password Any suggestions how i can stop mySql from forcing me to use the root account.
Phpmyadmin Login
I have just installed phpmyadmin on my server however when I try to load it im getting a username and password screen. When I installed phpmyadmin or mysql I didnt add any usernames or passwords as its just a testing server hosted localy. Does anyone know why this is happening or how I can fix it?
Login Function
Im creating a login function for my customers and administers. But I have some problems modelling the tables. I think I wont something like this
The question is how am I suppose to do whit the fk_keys? I need to have something like fk_costumer , fk_admin , fk_reseller because I have to have some connection between usergruop/useraccount and the tables where the costumer, resellers and admin are stored.
TRACKER
