MySql password()

Anon

Hi,

i have a problem with encrypted passwords in mysql table.

i put them in:

insert into my_pass (login, pass) values (\"martin\", password(\"secret\"));

and when i query: select from my_pass; I can see username and encrypted password, but i cannot get the passwords out of there!
so:
select from my_pass where login='login' and pass=password('password');

empty set🙁
any ideas?

regards,
martin

Anon

Here is the defination of the password() function from the MySQL manual:

PASSWORD(str)
Calculates a password string from the plaintext password str. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table:
mysql> select PASSWORD('badpwd');
-> '7f84554057dd964b'

PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. You should not assume that if your Unix password and your MySQL password are the same, PASSWORD() will result in the same encrypted value as is stored in the Unix password file. See ENCRYPT().

You should notice the sentance that says <b>PASSWORD() encryption is non-reversible.</b> This means that once you've encrypted something using password you can't get the data back out. If you need to be able to encrypt and decrypt your data use the encode and decode functions. Or look up the encrytption in PHP it has both options available if you have the appropriate libraries installed.

Anon

Thanks,

i didn't want the data back, i compared it against the password, but it returned empty set. I figured it out - i, dumb me, set password columns datatype to varchar(10), figuring that i dontn't need longer passwords, but the encrypted password is 16 chars long and so it should be char(16), now it works.

Thanks again for reply!

regards,
martin