I want to know whether it is possible, using SQL in phpMyAdmin, to get a field to display only hash characters or something like this, so that unauthorised users would not be able to see those characters as letters and numbers. This is for a password field I am creating.

Thanks

user1394925
  • If this is for storing the passwords securely, [check out this SO article](http://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database). – Matt Aug 02 '12 at 15:23

1 Answer

To answer your question directly, yes, MySQL has hashing functions. They are listed here.

However, if you really want to store your passwords securely, read this article.

UPDATE

Say, for example, you're using SHA2() to hash your passwords (use your own judgement after reading the above article to determine which hashing algorithm to use).

To compare an authentication string (read: "User-entered password from login screen") to the stored password (read: "Password that the original user entered as his/her password"), you would do something like this pseudocode:

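```php
// getPasswordForUser() stands in for your own lookup of the stored hash.
$passwordHash       = getPasswordForUser($userName);
// sha2() is not a PHP built-in; hash('sha256', ...) gives the same hex
// string as MySQL SHA2(str, 256), assuming that is how the column was filled.
$authenticationHash = hash('sha256', $authenticationPassword);

// hash_equals() compares the two strings in constant time.
if (hash_equals($passwordHash, $authenticationHash)) {
    // successful login. do something here.
}
```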
Matt
  • Hi Matt, I am a little bit confused, so is it not as simple as using `PASSWORD(str)`? Or, in other words, `SELECT PASSWORD('TeacherPassword')` – user1394925 Aug 02 '12 at 15:51
  • From the MySQL manual: **Note** The `PASSWORD()` function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider `MD5()` or `SHA2()` instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications. – Matt Aug 02 '12 at 15:55
  • Hash functions tend to be *one-way* algorithms. In order to compare an authentication string against the stored password, you have to perform a hash on the authentication string, then compare the hash to the stored password (which has already been hashed). – Matt Aug 02 '12 at 15:56
  • I added to my answer to help clarify. – Matt Aug 02 '12 at 16:00
  • OK, so first of all use SHA2() or MD5() in phpMyAdmin and then use the code you have shown me in the PHP script to compare passwords. Is this what you mean? – user1394925 Aug 02 '12 at 16:05
  • Did you read the [article](http://stackoverflow.com/questions/1054022/best-way-to-store-password-in-database)? – Matt Aug 02 '12 at 16:08
  • When you insert the password use `INSERT INTO table_name (userid_column, username_column, password_column) VALUE (user_id, username, [HASH](password_string))` and that will "encrypt" your user's password. – Matt Aug 02 '12 at 16:17
  • If you have used PHPmyAdmin before, what do I actually change the data type to in the drop down menu? Or do I have to change it to SHA2 using SQL code? – user1394925 Aug 02 '12 at 16:22
  • So you cannot insert a hashed password by using the phpMyAdmin insert? Only by SQL coding? – user1394925 Aug 02 '12 at 16:43
  • phpmyadmin can execute straight sql queries. It just tends to let you use its GUI to make life easier. – Matt Aug 02 '12 at 16:46
  • Before I mark your answer, to update the field so it makes the "TeacherPassword" field into a hash field, how is it done? I tried this but it did not work: `UPDATE Teacher SET [HASH](TeacherPassword)` – user1394925 Aug 02 '12 at 16:56
  • Replace `[HASH]` with whichever hash function you've decided to use (i.e. `MD5()` **which is not recommended**, `SHA2()`, etc.). – Matt Aug 02 '12 at 16:58
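
The thread ends with unsalted `SHA2()`/`MD5()` values in `Teacher.TeacherPassword` and defers to the linked article for secure storage. As an added example (not code from the question, the answer or the comments), this PHP script checks logins with `password_hash()`/`password_verify()` and upgrades a legacy SHA-256 hex row on its next successful login. Assumptions: the `TeacherUsername` column, the sample accounts, and an in-memory SQLite database standing in for MySQL so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so it runs offline;
// TeacherUsername and the sample accounts are assumptions, not from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Teacher (TeacherUsername VARCHAR(64) PRIMARY KEY, TeacherPassword VARCHAR(255) NOT NULL)');

function storeHash(PDO $db, string $user, string $hash): void
{
    // REPLACE INTO is accepted by both MySQL and SQLite.
    $db->prepare('REPLACE INTO Teacher (TeacherUsername, TeacherPassword) VALUES (?, ?)')
       ->execute([$user, $hash]);
}

function login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT TeacherPassword FROM Teacher WHERE TeacherUsername = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    // Legacy row: 64 hex characters, the shape of MySQL SHA2(str, 256) output.
    if (preg_match('/^[0-9a-f]{64}$/i', $stored) === 1) {
        if (!hash_equals(strtolower($stored), hash('sha256', $password))) {
            return false;
        }
        // Password proven correct: replace the unsalted hash with a salted, slow one.
        storeHash($db, $user, password_hash($password, PASSWORD_DEFAULT));
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        storeHash($db, $user, password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed sample rows: one legacy SHA-256 row, one password_hash() row.
storeHash($db, 'teacher_old', hash('sha256', 'Example-Pass-1'));
storeHash($db, 'teacher_new', password_hash('Example-Pass-2', PASSWORD_DEFAULT));

var_dump(login($db, 'teacher_old', 'wrong-guess'));
var_dump(login($db, 'teacher_old', 'Example-Pass-1'));
var_dump(login($db, 'teacher_new', 'Example-Pass-2'));
var_dump($db->query("SELECT TeacherPassword FROM Teacher WHERE TeacherUsername = 'teacher_old'")->fetchColumn());
```

The password column needs room for the longer value: `password_hash()` output does not fit a column sized for a 32- or 64-character hex digest, so `VARCHAR(255)` is used here.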