senidaljeet — 2011-07-04T05:58:03-04:00 — #1
I am new to mysql, what i am trying to do is, i want to view the password fiield which is inserted using PASSWORD function.Its working fine while insertion, But i want to view it on a page, any idea how to do it. I know this function is irreversible.. but any workaround.. i just want to view..if possible..
guido2004 — 2011-07-04T06:15:32-04:00 — #2
Welcome to the SP forums.
What you're asking is not possible. Like you say yourself, the function is irreversible. All you can view is the encrypted value.
By the way, I quote from the manual
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA2() instead
senidaljeet — 2011-07-04T13:41:08-04:00 — #3
Hi, I was going through the book mysql php database applications by jay greenspan, n did a trial of these functions on my password filed.
But then out of curosity wanted to know, when these passwords are encrypted, is it possible for server admin or anyone else to know.
Thanks for replyiing...
felgall — 2011-07-04T17:55:35-04:00 — #4
The reason for hashing passwords is to prevent anyone from being able to tell what the original password is. That helps to protect the person who set the password against their own stupidity.
If a person used the same password for several different sites and it was able to be read in plain text then anyone with access to one of the servers would know the password to use to log in to that person's accounts on other servers (such as their bank). By hashing the password (preferably after adding a separate salt value to it) you make it just about impossible for anyone with access to the hashed version of the password to work out what the original password is and so you prevent someone being able to use it to break into other sites where the owner has used the same password.
Anyone with access to the database on the server can see the contents if they really want to. You should be able to trust the people supporting the server to not access your database but by hashing the passwords you prevent their being able to see what people's passwords are even if they do look at your database.
Encrypting the passwords would bealmost pointless as anyone with access to the server to see the passwords would also have access to the code to decrypt them.
senidaljeet — 2011-07-05T08:21:58-04:00 — #5
Thanks for explaining in such a great way..
Saw your tweets and other links.All are worth visiting