While I haven't used this method with MySQL, I have used (and seen others use) the following method for authentication using an RDBMS.
Capture the user's password, and use Perl's crypt to encrypt it (I've seen the salt stored in the database as well as the salt derived from a standard repeatable function). Store the encrypted password. At login, take the user's password as entered and encrypt using the same method. Then compare the two encrypted strings. If they match, let them in. One nice thing about this method is that crypt is part of Perl, thus can be portable across platforms.
I am interested in other methods of doing this, or of any stories from others where this sort of method was insufficient. One scenario I am currently dealing with is an application that uses a set of login tables that have Perl crypted passwords. The app is a Cold Fusion app on NT. They cannot grok the passwords...so we had to provide a workaround (that's a story for some other node).
Disclaimer: The above method I mention has only been utilized in either an inside-the-firewall or https connections. If not using encrypted transmissions or safe behind a firewall, your passwords will be sent in the clear...thus sniffable by the bad guys.
In reply to Re: MySQL, PERL and web authentication
by wardk
in thread MySQL, PERL and web authentication
by bman
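
The store-and-compare flow described in the post above, as an added example that is not part of the original post or thread. It goes slightly beyond the post by running the same flow with a traditional two-character salt and with a `$6$` salt, so the effect of the salt format on a long password is visible. `%login_table`, `random_salt`, `store_password` and `check_password` are hypothetical names; the code assumes `/dev/urandom` exists and, for the second case, that the platform's crypt(3) accepts the glibc-style `$6$` prefix.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed in-memory stand-in for the login table (user => crypt string).
my %login_table;
my @SALT_CHARS = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');    # 64 characters

# Random salt from the OS generator (assumption: /dev/urandom is available).
sub random_salt {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($fh, my $bytes, $len) == $len or die "short read from /dev/urandom";
    close $fh;
    return join '', map { $SALT_CHARS[ ord($_) % 64 ] } split //, $bytes;
}

# Store: crypt() embeds the salt in its output, so one column holds both.
sub store_password {
    my ($user, $password, $salt) = @_;
    my $hash = crypt($password, $salt);
    # If the platform does not understand the salt format, the result does
    # not start with the salt we asked for; refuse to store it.
    die "crypt() did not honour salt format for $user\n"
        unless defined $hash && index($hash, $salt) == 0;
    $login_table{$user} = $hash;
}

# Verify: pass the stored string as the salt; crypt() reuses the salt in it.
sub check_password {
    my ($user, $entered) = @_;
    my $stored = $login_table{$user};
    return 0 unless defined $stored;
    my $candidate = crypt($entered, $stored);
    return (defined $candidate && $candidate eq $stored) ? 1 : 0;
}

# Traditional two-character salt: only the first 8 characters are hashed.
store_password('alice', 'correcthorse', random_salt(2));
print "alice, right password:     ", check_password('alice', 'correcthorse'), "\n";
print "alice, same first 8 chars: ", check_password('alice', 'correcthXXXX'), "\n";

# SHA-512 crypt (assumption: crypt(3) supports the $6$ prefix here).
store_password('bob', 'correcthorse', '$6$' . random_salt(16) . '$');
print "bob, right password:       ", check_password('bob', 'correcthorse'), "\n";
print "bob, same first 8 chars:   ", check_password('bob', 'correcthXXXX'), "\n";
```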