Geting current user pasword.
Geting current user pasword.
am 03.06.2010 19:12:01 von Guillermo
Hello,
I need to get the user and password from the current session. I
found the user() function, wich gets the username, is there anything
like that to get the password ?
Thx
Guillermo
__________ InformaciĆ³n de ESET NOD32 Antivirus, versiĆ³n de la base de firmas de virus 5170 (20100603) __________
ESET NOD32 Antivirus ha comprobado este mensaje.
http://www.eset.com
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org
Re: Geting current user pasword.
am 03.06.2010 19:26:29 von Dan Nelson
In the last episode (Jun 03), Guillermo said:
> Hello,
> I need to get the user and password from the current session. I
> found the user() function, wich gets the username, is there anything
> like that to get the password ?
Nope. I don't think the server even sees the password during
authentication. It's all done with hashed versions. You'll probably have
to cache the original password used to make the connection, if you need to
use it again later.
http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html
--
Dan Nelson
dnelson@allantgroup.com
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=gcdmg-mysql-2@m.gmane.org
Re: Geting current user pasword.
am 03.06.2010 20:44:26 von Michael Dykman
It goes strongly against best practices to store user passwords in the
clear. If you are storing any personal information at all,
information as trivial as the association as a name and an email
address, there are privacy regulations which prohibit the practice.
For some trivial app, with user buy-in, it *can* be done but there is
rarely a good reason for it in my experience.
- michael dykman
On Thu, Jun 3, 2010 at 1:12 PM, Guillermo wrote=
:
>
> Hello,
> =A0 I need to get the user and password from the current session. I found=
the
> user() function, wich gets the username, is there anything like that to g=
et
> the password ?
>
> Thx
>
> Guillermo
>
>
> __________ Informaci=F3n de ESET NOD32 Antivirus, versi=F3n de la base de=
firmas
> de virus 5170 (20100603) __________
>
> ESET NOD32 Antivirus ha comprobado este mensaje.
>
> http://www.eset.com
>
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: =A0 =A0http://lists.mysql.com/mysql?unsub=3Dmdykman@gmail=
..com
>
>
--=20
- michael dykman
- mdykman@gmail.com
May the Source be with you.
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dgcdmg-mysql-2@m.gmane.o rg
Re: Geting current user pasword.
am 03.06.2010 21:07:45 von Jim Lyons
You mean the mysql password of the user? No, you can't get that,
even the server can't get it, at least not the clear-text version.
When you create/change your password an encrypted version is stored in
the mysql.user table along with the hostname. If you have "SELECT"
permission on that table, you can get the encrypted version. You
could use that for some sort of separate authentication by encrypting
a user-supplied password and comparing the 2 encrypted strings but you
can't get the actual password.
In other words, if the password is 'cat' you only see
'*FD98809C60DD51B6B380DB17B72F9A9E2FE1928F in mysql.user. You could
have code that checked a user-supplied password, like:
if password(@pwd) =3D '*FD98809C60DD51B6B380DB17B72F9A9E2FE1928F'
but that's it.
Jim
On Thu, Jun 3, 2010 at 12:12 PM, Guillermo wrot=
e:
>
> Hello,
> =A0 I need to get the user and password from the current session. I found=
the
> user() function, wich gets the username, is there anything like that to g=
et
> the password ?
>
> Thx
>
> Guillermo
>
>
> __________ Informaci=F3n de ESET NOD32 Antivirus, versi=F3n de la base de=
firmas
> de virus 5170 (20100603) __________
>
> ESET NOD32 Antivirus ha comprobado este mensaje.
>
> http://www.eset.com
>
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: =A0 =A0http://lists.mysql.com/mysql?unsub=3Djlyons4435@gm=
ail.com
>
>
--=20
Jim Lyons
Web developer / Database administrator
http://www.weblyons.com
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=3Dgcdmg-mysql-2@m.gmane.o rg
Re: Geting current user pasword.
am 04.06.2010 11:56:44 von Johan De Meersman
--0050450181023a691b04883157a6
Content-Type: text/plain; charset=ISO-8859-1
On Thu, Jun 3, 2010 at 8:44 PM, Michael Dykman wrote:
> address, there are privacy regulations which prohibit the practice.
>
I fully agree with you, but as a matter of pedantry I would like to point
out that the privacy regulations you speak of are not applicable outside of
your part of the world :-)
--
Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel
--0050450181023a691b04883157a6--