softarrow Posted June 7, 2007 Share Posted June 7, 2007 Hi to all! I want to ask you that, what are the advantages and disadvantages of using MySQL PASSWORD() function to encrypt the sensitive data in database. Should i opt for MySQL PASSWORD() function or PHP md5() function, please suggest me? Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/ Share on other sites More sharing options...
bubblegum.anarchy Posted June 7, 2007 Share Posted June 7, 2007 md5() should be used instead of password() to encrypt data, from mysql documentation: Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your applications. Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269809 Share on other sites More sharing options...
softarrow Posted June 7, 2007 Author Share Posted June 7, 2007 Thanks for your reply. I have read MYSQL documentation and they say: The encryption and compression functions return binary strings. For many of these functions, the result might contain arbitrary byte values. If you want to store these results, use a BLOB column rather than a CHAR or VARCHAR column to avoid potential problems with trailing space removal that would change data values. BLOB column will take unnecessary storage space in database, is there any other option to use CAHR or VARCHAR field to store the data. Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269818 Share on other sites More sharing options...
bubblegum.anarchy Posted June 7, 2007 Share Posted June 7, 2007 I have never had a problem using a varchar column for encrypted data, besides BLOB holds a variable amount of data anyway or use VARBINARY instead. Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269869 Share on other sites More sharing options...
fenway Posted June 7, 2007 Share Posted June 7, 2007 I have never had a problem using a varchar column for encrypted data, besides BLOB holds a variable amount of data anyway or use VARBINARY instead. Just be careful about the maximum length, certain encryption functions are block-based. Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269950 Share on other sites More sharing options...
bubblegum.anarchy Posted June 7, 2007 Share Posted June 7, 2007 Is the following a good idea, fenway: ALTER TABLE account MODIFY password VARBINARY(100) not null default 'password' comment 'account password'; Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-270336 Share on other sites More sharing options...
fenway Posted June 8, 2007 Share Posted June 8, 2007 Good idea how? Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-271054 Share on other sites More sharing options...
bubblegum.anarchy Posted June 8, 2007 Share Posted June 8, 2007 Good idea how? To resolve any issues relating to encryption functions that might contain arbitrary byte values. Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-271175 Share on other sites More sharing options...
fenway Posted June 11, 2007 Share Posted June 11, 2007 Ah... depends which encryption function, but most produce normal ascii output without hex. Quote Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-272407 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.