mysql - Password holding different data (phpMyAdmin Database) -


password varchar(120)

above column name , datatype password set. using phpmyadmin database , created user testing purpose usertest username , user123 password. when checked database, instead of holding user123 password, holds 0dcbd056919392554f346a10cc114d27. compared sql server database, sql server database hold exact data password user entered through registration.

even so, still can login using user123 password username usertest. if used 0dcbd056919392554f346a10cc114d27 password, unable login system. i've notice , started wonder, admin, how going know user password 1 used register, if going through database?

why on earth need know user's password? awful idea. explicitly don't want know user's passwords, or have means decrypt them. there many reasons why bad idea, 1 of them if user re-uses passwords , database compromised, user's plaintext password has been compromised.

what more common hash password; taking user's password, combined cryptographic salt, , enter input hash function (i believe bcrypt common these days, requirements may vary). function returns nonsense string $2a$06$xkjbhsfb4q53movnjrgeuokqkpnoipjfq7p8qmuwa63qgehnplymu store in database. when user tries log in, repeat hash process , compare result value stored in database.

if have business need store plaintext password, highly recommend warning users in plain language database going stored insecure means , absolutely use specially-crafted password application.

again, recommend not storing passwords in plain text , making sure have cryptographically secure hash in place.

but anyway, directly answer question, you're not storing plain text value here. can't know you're doing when you're inserting user's password, you're performing function on varchar field. you've selected 1 of functions dropdown in phpmyadmin insert page (see screenshot below); applies selected mysql function data insert it. there's not reason phpmyadmin mangling data this, seems likely.

phpmyadmin function dropdown


-

Comments

Post a Comment

Popular posts from this blog

amazon web services - S3 Pre-signed POST validate file type? -

i know it's possible put limit on file size content-length-range header. possible validate file type? https://docs.aws.amazon.com/amazons3/latest/dev/httppostforms.html#policyconditions i see there content-type header, if set say, audio/mp3 allow mp3 files , return error if file not mp3? i found previous question answers mention validating file size: s3 direct upload restricting file size , type you can specify content-type @ post request. you can specify @ signature, post must done content-type: { "expiration": "2007-12-01t12:00:00.000z", "conditions": [ {"acl": "public-read" }, {"bucket": "johnsmith" }, {"content-type: "audio/mp3"} ] } creating html form (using aws signature version 4) edit: @ previous question found, checking content-type.
Read more

c# - Check Keyboard Input Winforms -

i wondering if instead of doing this protected override void onkeydown(keyeventargs e) { if (e.keycode == keys.a) console.writeline("the key down."); } i set bool method , this: if(keydown(keys.a)) // whatever here i've been sitting here ages trying figure out how it. can't wrap head around it. in case wondering, plan call bool inside different method, check input. since want perform action after pressing key, using keydown event enough. but in cases suppose want check if specific key down in middle of process, can use getkeystate method way: [dllimport("user32.dll", charset = charset.auto, exactspelling = true)] public static extern short getkeystate(int keycode); public const int key_pressed = 0x8000; public static bool iskeydown(keys key) { return convert.toboolean(getkeystate((int)key) & key_pressed); } you should know, each time check key state using example iskeydown(keys.a) method returns true if ke...
Read more