SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict
    Join Date
    Oct 2002
    Posts
    229
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Decrypting MySQL passwords

    Does anyone know how to decrypt a mysql password and then display it on screen.

    I have inserted data into a MySQL table using the following code

    $query="insert into payment_details values
    ('','$Customer_ID','','$total_price','$delivery',
    '$final_price','$card_name',password('card_number'))";

    $result=mysql_query($query);

    the password('card_number') encrypts it using mysql, but I cannot decrpt it when retrieving it from the database

    Any ideas?

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,347
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    the mysql documentation says "PASSWORD() encryption is non-reversible"

    however, if you're trying to verify an incoming password, i would imagine that all you have to do is encrypt it and compare to the encrypted password value
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    (****** or Deleted)
    Join Date
    May 2002
    Location
    Melbourne, Australia
    Posts
    299
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As far as I know, when encrypting using either password() or md5() the process is irreversible simply so others cannot retireve the data... Do as r937 suggests if you need to verify a password, encrpyt the string that is inputted and check THAT against the database...

    Jordan Windebank

  4. #4
    There is no general chat z0s0's Avatar
    Join Date
    Aug 1998
    Location
    Melbourne
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PASSWORD() is not appropriate for encrypting credit card numbers, for the reason pointed out by r937.

    If you really must store credit card numbers in your DB, and feel that encrypting them will improve security, you should consider a proper two-way encrpytion library such as libmcrypt (which is supported by PHP).
    Wormly Server Performance Monitoring
    Don't wait for an SMS at 4am. Find out what's really
    going on and fix the problem. www.wormly.com/website-monitoring


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •