Please Stop: Securing User Accounts with MySQL’s Password() Function…

Category : Technical

I tweeted a week or so ago: Please stop using MySQL’s password() function. I had good reason for doing so – the legacy software I’ve been assigned to maintain until I can help with the new rev has a password schema that is based entirely on MySQL’s password function as the hash strategy for storing user-account passwords in the database.

As developers, we should be getting that uncomfortable, squishy feeling whenever we read about another corporate hack event, one that exposed gazillions of user accounts to the ether, and zomg, we even got their passwords!!!
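To make the problem with that schema concrete, here is an added example (not code from the original post or the legacy application) that reproduces what MySQL 4.1+ `PASSWORD()` computes, an unsalted double SHA-1, next to a salted PBKDF2 replacement with a re-hash-on-login path for legacy rows. The function names, the `pbkdf2_sha256$...` storage format, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mysql_password(pw: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' + HEX(SHA1(SHA1(pw))). No salt, no work factor."""
    inner = hashlib.sha1(pw.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

# Assumed parameters for the replacement scheme (not from the original post).
ITERATIONS = 600_000
SALT_BYTES = 16

def hash_password(pw: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; salt and cost are stored alongside the hash."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(pw: str, stored: str) -> bool:
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, int(iters))
    except ValueError:  # malformed record: wrong field count or bad hex/int
        return False
    return hmac.compare_digest(dk, expected)

def login(pw: str, stored: str):
    """Return (ok, replacement). Legacy '*...' rows are re-hashed on a good login."""
    if stored.startswith("*"):
        ok = hmac.compare_digest(mysql_password(pw).encode(), stored.encode())
        return ok, (hash_password(pw) if ok else None)
    return verify_password(pw, stored), None

if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    alice, bob = mysql_password("hunter2"), mysql_password("hunter2")
    print("PASSWORD() rows identical:", alice == bob)
    print("PBKDF2 rows identical:   ",
          hash_password("hunter2") == hash_password("hunter2"))
    ok, upgraded = login("hunter2", alice)
    print("legacy login ok:", ok, "-> store instead:", upgraded[:40] + "...")
```

When `login` returns a replacement value, the caller writes it back over the legacy row, so accounts migrate as their owners sign in.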
