Database Reference
In-Depth Information
Figure 12.11
Password encryption.
SELECT *
FROM
mysql.user
WHERE
user=”Mary” and password=PASSWORD('yeti')
will give the results shown in Figure 12.12, returning one row, proving that the user and
password are correct. However, if you ran the following:
SELECT *
FROM
mysql.user
WHERE
user=”Mary” and password=PASSWORD('abominable')
the query would produce no results, as the Mary user's password is not
abominable
, the
encrypted version is not the same as the stored encrypted version, they therefore do not
match and so the password is proved to be incorrect. To check for a valid username and
password combination in your scripting language, simply check if you have more than 0
records returned from the query. Again, if this was being used on a webpage we would be
Figure 12.12
Matching encrypted passwords.
Search WWH ::
Custom Search