24 May, 2012

MySQL: Password security problem with the MySQL database; be aware of how you secure your password

Yes, it is true: in MySQL your password may not be secure. This can happen to any developer who uses MySQL as a database. Developers are often not aware of password hacking and use an ordinary query to retrieve data from the database.

Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes.
In discussing security, it is necessary to consider fully protecting your password at login. A where clause like the one below is commonly used for the comparison during login or validation, but it is not safe at all.

where binary pass='yourpassword'

The code above is not secure: it can be bypassed by using '='. Enter '=' in place of your password and you will see that it defeats the password check. Your condition evaluates to true and the login succeeds. So be careful if you are a developer responsible for your organization.
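How the server parses the login condition once '=' is pasted between the quotes, next to a prepared statement that binds the same input as data. This is an added example, not code from the original post; the table name admin_demo, the sample rows and the statement name login_check are constructed for illustration (only the column name vchadmin_pass appears on the page).

```sql
-- Constructed demo data: table name and rows are assumptions for illustration.
CREATE TABLE admin_demo (
  id            INT PRIMARY KEY,
  vchadmin_pass VARCHAR(64) NOT NULL
);
INSERT INTO admin_demo (id, vchadmin_pass) VALUES
  (1, 'S3cret-one'),
  (2, 'S3cret-two');

-- 1) Query text built by string concatenation, with '=' as the "password":
--      WHERE BINARY vchadmin_pass='<input>'
--    The quotes in the input close and reopen the literal, so MySQL parses
--      (BINARY vchadmin_pass = '') = ''
--    The inner comparison yields 0 for a non-empty password, and the outer
--    comparison converts '' to the number 0 before comparing.
SELECT id FROM admin_demo WHERE BINARY vchadmin_pass=''='';

-- The two evaluation steps made visible for one stored value:
SELECT (BINARY 'S3cret-one' = '')        AS inner_comparison,
       ((BINARY 'S3cret-one' = '') = '') AS whole_condition;

-- 2) Same input sent as a bound parameter: the server receives the three
--    characters '=' as a value to compare, never as SQL text.
PREPARE login_check FROM
  'SELECT id FROM admin_demo WHERE BINARY vchadmin_pass = ?';
SET @supplied = '''=''';   -- the string '=' (quotes doubled inside the literal)
EXECUTE login_check USING @supplied;
DEALLOCATE PREPARE login_check;

DROP TABLE admin_demo;
```

The concatenated query matches every row with a non-empty password, while the prepared statement matches only a row whose stored value is literally '='.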

Your data can be fetched if the supplied value is '=': the check is defeated because the condition evaluates to true. So, follow the process below.

Always use a password security mechanism to secure your password. Always consult the MySQL manual on security before applying security to MySQL passwords.

When retrieving data, you can use the HEX() function to convert it to hexadecimal format, as below:

HEX(vchadmin_pass)=HEX('YOur password')

Or use MD5() or another function listed in the table below.


So always follow password security practices. You can encrypt or decrypt the password when storing it, using the functions in the following table:

AES_DECRYPT(): Decrypt using AES
AES_ENCRYPT(): Encrypt using AES
COMPRESS(): Return result as a binary string
DECODE(): Decodes a string encrypted using ENCODE()
DES_DECRYPT(): Decrypt a string
DES_ENCRYPT(): Encrypt a string
ENCODE(): Encode a string
ENCRYPT(): Encrypt a string
MD5(): Calculate MD5 checksum
OLD_PASSWORD(): Return the value of the pre-4.1 implementation of PASSWORD
PASSWORD(): Calculate and return a password string
SHA1(), SHA(): Calculate an SHA-1 160-bit checksum
SHA2(): Calculate an SHA-2 checksum
UNCOMPRESS(): Uncompress a string compressed
UNCOMPRESSED_LENGTH(): Return the length of a string before compression





