From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Adam T. Bowen" <adamb@agitate.org.uk>
Subject: Re: MySQL obnoxious question
Date: Tue, 19 Feb 2008 21:01:51 +0000
Message-ID: <47BB43BF.3000309@agitate.org.uk>
References: <47BB75CE.7070701@gmail.com>
Mime-Version: 1.0
Content-Transfer-Encoding: QUOTED-PRINTABLE
Return-path: <linux-admin-owner@vger.kernel.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding:sender;
        bh=2qYWdbe0J9GxA4i3ZBxusRoFD6/O1iBnvdNRsXH69eA=;
        b=QMpsPuZh2W65123lT/5V2e6fabauOl8Eyn0PZt2OmSR/laLDqpJPJAwe5MtI/tOjohcgq1Xwo0LNkoPbdmgC1J2seZQ+ps12U4Xfm8CWPiVm0q3Y/8vSFlksM3vT7nBZxtgyebmCNPhuXIYHqSqaw69lTVE7PLf1zUUig2pFxxQ=
In-Reply-To: <47BB75CE.7070701@gmail.com>
Sender: linux-admin-owner@vger.kernel.org
List-ID: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
To: linux-admin@vger.kernel.org

Hi,

M=E1rio Gamito wrote:
> For obnoxious reasons, I'm running a web site in Windows/ASP.NET/C# t=
hat=20
> once a user registers, it inserts in the MySQL qmail server the=20
> username, password, etc.
>=20
> It's in the password that the problem lies.
> I need to hash it just before or after the MySQL INSERT statement.
> For that, I have to run a PHP shell script that follows my signature.

There is an encrypt function in MySQL:

http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#functi=
on_encrypt

but it is only available on systems which have a system crypt call (not=
=20
Windows according to the docs).  However if your MySQL database is=20
running on Linux you should be able to just change the insert statement=
=20
in the C# code to something like:

insert into user_details values("username", encrypt("password"), ...);

and not bother with the php script.  If the database is on Windows, the=
n=20
there are other encrytion functions available.  There is a User Comment=
=20
at the bottom of the above web page (search for "Philip Mather") which=20
discusses using a trigger to achieve something that sounds similar to=20
what you want.

There are lots of other options, of course, but my first route would=20
always be to modify existing code.  You might want to be careful,=20
however, that you aren't breaking any license agreement before going=20
ahead and modifying anything.  If the code is unavailable or protected=20
then you can just put a trigger on the user_details table in the=20
database and encrypt the password there.

Hope some of that helps.

Cheers

Adam
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html