softarrow Posted June 7, 2007 Share Posted June 7, 2007 Hi to all! I want to ask you that, what are the advantages and disadvantages of using MySQL PASSWORD() function to encrypt the sensitive data in database. Should i opt for MySQL PASSWORD() function or PHP md5() function, please suggest me? Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/ Share on other sites More sharing options...
bubblegum.anarchy Posted June 7, 2007 Share Posted June 7, 2007 md5() should be used instead of password() to encrypt data, from mysql documentation: Note: The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC 2195 for more information about handling passwords and authentication securely in your applications. Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269809 Share on other sites More sharing options...
softarrow Posted June 7, 2007 Author Share Posted June 7, 2007 Thanks for your reply. I have read MYSQL documentation and they say: The encryption and compression functions return binary strings. For many of these functions, the result might contain arbitrary byte values. If you want to store these results, use a BLOB column rather than a CHAR or VARCHAR column to avoid potential problems with trailing space removal that would change data values. BLOB column will take unnecessary storage space in database, is there any other option to use CAHR or VARCHAR field to store the data. Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269818 Share on other sites More sharing options...
bubblegum.anarchy Posted June 7, 2007 Share Posted June 7, 2007 I have never had a problem using a varchar column for encrypted data, besides BLOB holds a variable amount of data anyway or use VARBINARY instead. Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269869 Share on other sites More sharing options...
fenway Posted June 7, 2007 Share Posted June 7, 2007 I have never had a problem using a varchar column for encrypted data, besides BLOB holds a variable amount of data anyway or use VARBINARY instead. Just be careful about the maximum length, certain encryption functions are block-based. Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-269950 Share on other sites More sharing options...
bubblegum.anarchy Posted June 7, 2007 Share Posted June 7, 2007 Is the following a good idea, fenway: ALTER TABLE account MODIFY password VARBINARY(100) not null default 'password' comment 'account password'; Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-270336 Share on other sites More sharing options...
fenway Posted June 8, 2007 Share Posted June 8, 2007 Good idea how? Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-271054 Share on other sites More sharing options...
bubblegum.anarchy Posted June 8, 2007 Share Posted June 8, 2007 Good idea how? To resolve any issues relating to encryption functions that might contain arbitrary byte values. Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-271175 Share on other sites More sharing options...
fenway Posted June 11, 2007 Share Posted June 11, 2007 Ah... depends which encryption function, but most produce normal ascii output without hex. Link to comment https://forums.phpfreaks.com/topic/54551-mysql-password-for-encryption/#findComment-272407 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.