Skip to main content

How to use the case-sensitive for MySQL password field?

Image
By User


I have user login but user can login with case-insensitive way Means if your password is 'test' then user able to login with 'TEST' password. i want to avoid the such type authentication on my password field



Thanks in advanced ......


Source: Tips4allCCNA FINAL EXAM
Labels:

Comments

  1. UserMay 10, 2012 at 3:07 AM

    The easiest way is to use the binary keyword in your query use:

    SELECT /*fields*/ FROM table WHERE /* where clause */ BINARY password = "userpassword"


    OR

    use the strcmp in your PHP code:

    You can use this also if you store hashed or encrypted password which I recommend.

    ReplyDelete
  2. UserMay 10, 2012 at 3:07 AM

    I guess you are storing passwords in clear. That's not only pretty insecure, it's also unnecessary in most situations. My advice is to store passwords in two columns, e.g.:

    password_salt VARCHAR(16)
    password_hash VARCHAR(40)


    Before storing a new password, take the password provided by the user ($clear_password), create a random string ($salt) and use both to create a hash (sha1sum($salt . $clear_password). Store both the salt and the hash and discard the clear password.

    To validate a password, retrieve the stored salt for the given user, generate the hash and see if it matches with the hash in DB.

    This technique is called salted passwords.

    ReplyDelete

Post a Comment

Popular posts from this blog

Slow Android emulator

By User
I have a 2.67 GHz Celeron processor, 1.21 GB of RAM on a x86 Windows XP Professional machine. My understanding is that the Android emulator should start fairly quickly on such a machine, but for me it does not. I have followed all instructions in setting up the IDE, SDKs, JDKs and such and have had some success in staring the emulator quickly but is very particulary. How can I, if possible, fix this problem?
30 comments
Read more

CCNA 1 Final Exam 2011 latest (hot hot hot)

By User
  Hi! I have been posted content of ccna1 final exam (latest and only question.) I will post the answer and insert image on sunday. If you care, please subscribe your email an become a first person have full test content. Subcribe now  Some question  have not content because this question have images content. So that can you wait for me? SUNDAY 1. A user sees the command prompt: Router(config-if)# . What task can be performed at this mode? Reload the device. Perform basic tests. Configure individual interfaces. Configure individual terminal lines. 2. Refer to the exhibit. Host A attempts to establish a TCP/IP session with host C. During this attempt, a frame was captured with the source MAC address 0050.7320.D632 and the destination MAC address 0030.8517.44C4. The packet inside the captured frame has an IP source address 192.168.7.5, and the destination IP address is 192.168.219.24. At which point in the network was this packet captured? leaving host A leaving ATL leaving...
114 comments
Read more