Reputation: 388
I was wondering (and used Google with no clear result) if there is any way to connect to a MySQL database with PHP using a hashed password. Say I have the following:
Password (plain): 'foobar'
Password (sha1): '8843d7f92416211de9ebb963ff4ce28125932878'
Now I would like to connect to MySQL like this (using the mysql_* functions as an example; I'm using PDO, though):
$db_link = mysql_connect ( 'localhost', 'user', '8843d7f92416211de9ebb963ff4ce28125932878' );
Is this possible? Has anyone done this before?
Upvotes: 7
Views: 14219
Reputation: 41
The usage case would be having multiple developers editing the .php file that contains the SQL connect password that you might not want them to know.
I think one solution would be to move the connect statement out to a file like so. Make sure you don't have a $password variable, though, because someone could just call it and print it out later in their .php file.
mysql.php
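<?php
// Credentials are passed as literals so that no $password variable exists for an including script to print.
mysql_connect('db.cs.dal.ca','user','password');
// 'database' is a placeholder for the schema name (the original used an undefined $database variable).
@mysql_select_db('database') or die( "Database Error ".mysql_error());
?>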
and only give yourself rw------- permissions on the mysql.php file; then in all of your group-accessible .php files you can just include that file to invoke a connection.
index.php
<?php include("mysql.php") ?>
<!-- some web content -->
<?php mysql_close(); ?>
and give your developers group rw-rw---- permissions on all the other .php files. As long as the owner of the mysql.php file can read it, it should be executed on the PHP server... I think.
You can also exclude mysql.php from git, for example, and have developers run their own local copy of a DB with their own mysql.php file, and just provide a stripped-down copy of your production database for local development and testing.
Upvotes: 2
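An added example, not part of the answer above: a POSIX shell audit of the credentials include that answer describes, checking for owner-only permissions, no password held in a variable, and exclusion from git. The function names and messages are hypothetical, the variable check is a grep heuristic, and git is only consulted when the file sits inside a work tree.

```shell
#!/bin/sh
# Added example: audit a PHP credentials include such as mysql.php.
# Function names and messages are hypothetical; git is optional.

# 0 if FILE is a regular file with no group/other permission bits (e.g. rw-------).
perms_owner_only() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *) return 1 ;;   # missing, not a regular file, or group/other bits set
    esac
}

# 0 if FILE assigns a variable whose name contains "pass" (heuristic),
# which any script that includes the file could echo back.
defines_password_var() {
    grep -Eiq -e '\$[a-z0-9_]*pass[a-z0-9_]*[[:space:]]*=' -- "$1"
}

# 0 = ignored by git, 1 = tracked or not ignored, 2 = git missing / not a work tree.
git_ignored() {
    command -v git >/dev/null 2>&1 || return 2
    dir=$(dirname -- "$1")
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 2
    git -C "$dir" check-ignore -q -- "$(basename -- "$1")" || return 1
}

# Runs all three checks, prints findings, returns 1 if any check fails.
audit_credentials_file() {
    f=$1; rc=0
    if ! perms_owner_only "$f"; then
        echo "FAIL: $f is missing or accessible to group/others (want rw-------)"; rc=1
    fi
    if defines_password_var "$f"; then
        echo "FAIL: $f keeps the password in a variable"; rc=1
    fi
    g=0; git_ignored "$f" || g=$?
    case $g in
        1) echo "FAIL: $f is tracked or not ignored by git"; rc=1 ;;
        2) echo "SKIP: no git work tree around $f" ;;
    esac
    return $rc
}

# Usage: sh audit.sh /path/to/mysql.php
if [ "$#" -gt 0 ]; then audit_credentials_file "$1"; fi
```

Owner-only permissions only separate the developers from the password if their accounts differ from the account PHP runs as, because any script executed by that account can read the file.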
Reputation: 87
Simple answer is "You can't."
I know what you are trying to accomplish: You are probably on some shared hosting plan and cannot put your config file above the html folder.
Stefan is thinking that a hacker would just be hunting for the config file and wants to make him have to work for the info. Once the hacker realizes he needs more info, he has to crack the site a second time.
This has nothing to do with a table of usernames & passwords. This is for the MySQL config file.
Upvotes: -1
Reputation: 1372
The short answer is no.
But, just wondering... what is your real concern? Someone hacking into your server and discovering your password?
Upvotes: 6
Reputation: 96159
Then the "hash" would be the password. What would be the benefit?
Upvotes: 11