Re: MySQL obnoxious question

["Adam T. Bowen" <adamb@agitate.org.uk>]

Hi,

Mário Gamito wrote:
> For obnoxious reasons, I'm running a web site in Windows/ASP.NET/C# that 
> once a user registers, it inserts in the MySQL qmail server the 
> username, password, etc.
> 
> It's in the password that the problem lies.
> I need to hash it just before or after the MySQL INSERT statement.
> For that, I have to run a PHP shell script that follows my signature.

There is an encrypt function in MySQL:

http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_encrypt

but it is only available on systems which have a system crypt call (not 
Windows according to the docs).  However if your MySQL database is 
running on Linux you should be able to just change the insert statement 
in the C# code to something like:

insert into user_details values("username", encrypt("password"), ...);

and not bother with the php script.  If the database is on Windows, then 
there are other encrytion functions available.  There is a User Comment 
at the bottom of the above web page (search for "Philip Mather") which 
discusses using a trigger to achieve something that sounds similar to 
what you want.

There are lots of other options, of course, but my first route would 
always be to modify existing code.  You might want to be careful, 
however, that you aren't breaking any license agreement before going 
ahead and modifying anything.  If the code is unavailable or protected 
then you can just put a trigger on the user_details table in the 
database and encrypt the password there.

Hope some of that helps.

Cheers

Adam
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html