I'm using a stored procedure to check the username and password on login attempts. - The passwords are stored using the password() function in MySQL.
And the login works fine, using the stored procedure, the problem is that I have a function that enables the user to change the password, how should I update it? as MD5 through PHP? or should I build a new stored procedure?
Thanks :)
分享 You're not supposed to use the PASSWORD() function for your application-level passwords.
http://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_password says:
Note
ThePASSWORD()function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, considerMD5()orSHA2()instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.
If you use a standard cryptographic hash method like SHA2, you can perform the hashing in PHP, using the hash extension. Hashes calculated with the same algorithm in PHP are compatible with those calculated in MySQL.
分享
