in reply to password checking?

The actual checking is probably quite trivial, but very dependent on how the credentials are stored. For example, if you have a MySQL database table, then a query along the lines of:

SELECT something FROM users WHERE username=? AND password=PASSWORD(?);

Followed by a count of the rows returned would do the job.

Other ways of storing the credentials would have different ways of accessing them, so this problem is very dependent on the specifics.

Re^2: password checking?
by superfrink (Curate) on Aug 16, 2005 at 05:14 UTC
    It's common to store passwords in a database like this. I have two things to add that I learned the hard way.

    User applications should not use the PASSWORD() function. MySQL AB has documented that this function may change between versions. Their documentation says you should use MD5() or SHA1(). (The 4.0 to 4.1 upgrade was a pain at the shop I was working at.)

    Another way is to hash the value in Perl before passing it to the database. You could use Digest::SHA256 or Digest::MD5, for example.

    For some reason (that I don't know) string comparisons are not case sensitive in MySQL unless you use the BINARY keyword in the query or the columns were created with the BINARY attribute.
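
An added example, not code from either poster: it ties the last two points of the post above together by hashing in Perl and showing that a case-insensitive comparison accepts a wrong-case plaintext password but not a wrong-case password once digests are compared. Assumptions: the core module Digest::SHA stands in for Digest::SHA256, the names `%users`, `ci_equal` and `check_password` are hypothetical, and `ci_equal` only emulates a non-BINARY MySQL string comparison for ASCII input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);    # core module, used here in place of Digest::SHA256

# Constructed sample data: what a users table would hold if the
# application hashed the password in Perl before the INSERT.
my %users = (
    alice => sha256_hex('Secret42'),
);

# Emulates a MySQL string comparison on a non-BINARY column:
# both sides are case-folded before they are compared.
sub ci_equal {
    my ($left, $right) = @_;
    return lc($left) eq lc($right);
}

# Hash the candidate in Perl, then compare digests. Even when the
# comparison itself ignores case, a password typed in the wrong case
# produces a completely different digest and is rejected.
sub check_password {
    my ($user, $candidate) = @_;
    my $stored = $users{$user};
    return 0 unless defined $stored;    # unknown user: no row to match
    return ci_equal($stored, sha256_hex($candidate)) ? 1 : 0;
}

# Compare the two storage styles for the same candidate passwords.
for my $try ('Secret42', 'secret42', 'SECRET42') {
    printf "%-10s plaintext column, no BINARY: %d   digest column: %d\n",
        $try,
        ci_equal('Secret42', $try) ? 1 : 0,
        check_password('alice', $try);
}

# A user that does not exist never matches.
printf "%-10s digest column: %d\n", 'mallory', check_password('mallory', 'Secret42');
```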