Re: Re: How to call MySQL's PASSWORD() from Class::DBI?

Dear hardburn

Thank you for care and answer that "larger and unasked question". This system is a legacy, and I need to maintain it as best as I can. The system is like a box full of (quite) poor design constructs and (really) bad project choices.

I don't know about the implications of changing the method used to keep the passwords, but I will study this and change it as soon as possible. I not finished building the system documentation yet.

Is this a high priority task or I can live with it for some time? The system is exposed at the internet, firewall protected. I would like to read more comments about this matter.

Thank you very much and Merry Christmas.

"In few words, translating PerlMonks documentation and best articles to other languages is like building a bridge to join other Perl communities into PerlMonks family. This makes the family bigger, the knowledge greather, the parties better and the life easier." -- monsieur_champs

Comment on Re: Re: How to call MySQL's PASSWORD() from Class::DBI?

Replies are listed 'Best First'.
Re: Re: Re: How to call MySQL's PASSWORD() from Class::DBI? by hardburn (Abbot) on Dec 26, 2003 at 14:35 UTC
I don't know your situation entirely, but guessing from the fact that this is an older system, I would bet that there are a lot of other problems with it, and MySQL's `PASSWORD()` function is probably the least of them. In fact, you could probably store plaintext passwords and wouldn't lose much (though since encrypted passwords are already there, you might as well keep them). This isn't to say it should never change, but you could probably spend time on other parts of the system first. Again, this is just from someone completely unfamiler with your situation, so take all of the above with the properly-sized chunk of salt. ---- I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident. -- Schemer `: () { :\|:& };:` Note: All code is untested, unless otherwise stated	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: Re: Re: How to call MySQL's PASSWORD() from Class::DBI?
by hardburn (Abbot) on Dec 26, 2003 at 14:35 UTC

I don't know your situation entirely, but guessing from the fact that this is an older system, I would bet that there are a lot of other problems with it, and MySQL's PASSWORD() function is probably the least of them. In fact, you could probably store plaintext passwords and wouldn't lose much (though since encrypted passwords are already there, you might as well keep them). This isn't to say it should never change, but you could probably spend time on other parts of the system first.

Again, this is just from someone completely unfamiler with your situation, so take all of the above with the properly-sized chunk of salt.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

: () { :|:& };:

Note: All code is untested, unless otherwise stated

[reply]
[d/l]
[select]