SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Jul 2011
    Location
    Mumbai,India
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    View Mysql Password field

    Hi there.
    I am new to mysql, what i am trying to do is, i want to view the password fiield which is inserted using PASSWORD function.Its working fine while insertion, But i want to view it on a page, any idea how to do it. I know this function is irreversible.. but any workaround.. i just want to view..if possible..

    Thanks,
    Daljeet Singh.

  2. #2
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,491
    Mentioned
    161 Post(s)
    Tagged
    4 Thread(s)
    Welcome to the SP forums.

    What you're asking is not possible. Like you say yourself, the function is irreversible. All you can view is the encrypted value.

    By the way, I quote from the manual
    The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA2() instead

  3. #3
    SitePoint Member
    Join Date
    Jul 2011
    Location
    Mumbai,India
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi, I was going through the book mysql php database applications by jay greenspan, n did a trial of these functions on my password filed.
    But then out of curosity wanted to know, when these passwords are encrypted, is it possible for server admin or anyone else to know.
    Thanks for replyiing...

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,784
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The reason for hashing passwords is to prevent anyone from being able to tell what the original password is. That helps to protect the person who set the password against their own stupidity.

    If a person used the same password for several different sites and it was able to be read in plain text then anyone with access to one of the servers would know the password to use to log in to that person's accounts on other servers (such as their bank). By hashing the password (preferably after adding a separate salt value to it) you make it just about impossible for anyone with access to the hashed version of the password to work out what the original password is and so you prevent someone being able to use it to break into other sites where the owner has used the same password.

    Anyone with access to the database on the server can see the contents if they really want to. You should be able to trust the people supporting the server to not access your database but by hashing the passwords you prevent their being able to see what people's passwords are even if they do look at your database.

    Encrypting the passwords would bealmost pointless as anyone with access to the server to see the passwords would also have access to the code to decrypt them.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Member
    Join Date
    Jul 2011
    Location
    Mumbai,India
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey felgall,
    Thanks for explaining in such a great way..
    Saw your tweets and other links.All are worth visiting


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •