Reputation: 2148
In the MySQL documentation for the PASSWORD function:
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.
Why shouldn't we use this function in our application?
Upvotes: 3
Views: 298
Reputation: 60539
A few reasons I can think of:
It's a fast hash (SHA1 I believe), which isn't a good property for password hashes.
They might change what hash it uses in a future version of MySQL, breaking your application. They've already done this once, hence the OLD_PASSWORD() function.
It doesn't naturally use a salt (although you could use a salt with it if you wanted to by appending it to the password before calling the PASSWORD function).
It's non-standard SQL, so if you ever need to port your app to another platform you'll need to come up with a replacement.
Upvotes: 2
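The fast-hash and no-salt points above, shown side by side in an added example (not part of the original answer). It assumes the MySQL 4.1+ PASSWORD() format of '*' followed by the uppercase hex of SHA1(SHA1(password)); PBKDF2-HMAC-SHA256, the iteration count and all function names are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

def mysql_password(password: str) -> str:
    """Reimplements MySQL 4.1+ PASSWORD(): two fast SHA-1 passes, no salt."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow hash stored as a self-describing record."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    # Scheme and iteration count travel with the hash, so parameters can be
    # raised later without breaking verification of existing records.
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; constant-time compare."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    # Unsalted: two users with the same password get the same stored value.
    print(mysql_password(pw) == mysql_password(pw))
    # Salted: the same password yields different records, both verifiable.
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password(pw, b))
```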