Yes, it is true: in MySQL your password may not be secure. This can happen to any developer who uses MySQL as a database. Developers are often unaware of password hacking and use an ordinary query to retrieve data from the database.
Anyone using MySQL on a computer connected to the Internet should read this section to avoid the most common security mistakes.
In discussing security, it is necessary to consider fully protecting your password at login. We commonly use a WHERE clause like the one below for comparison at login or validation. But it is not safe at all.
where binary pass='yourpassword'
But the code above is not secure, and it can be bypassed by using '='. In place of your password you can enter '=', and it will hack your password: the condition evaluates to true and the login succeeds. So be careful if you are a developer responsible for your organization.
Your data can be fetched if the value in your condition is '=': it is hacked, that is, checked as true. So follow the process below.
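The '=' case described above, written out as an added example (not code from the original post): it shows what the WHERE clause becomes when the submitted value is pasted into the query text, and the same comparison with the value bound as a parameter through a MySQL prepared statement. The table admin_demo, the column vchadmin_name and the stored values are constructed for illustration.

```sql
-- Added example. admin_demo and vchadmin_name are assumed names; the row is
-- constructed. The password is stored in plain text only to mirror the
-- WHERE clause shown on this page.
CREATE TABLE admin_demo (
  vchadmin_name VARCHAR(32) NOT NULL,
  vchadmin_pass VARCHAR(64) NOT NULL
);
INSERT INTO admin_demo VALUES ('admin', 'S3cret-constructed');

-- 1) Query text built by pasting the submitted value between the quotes.
--    The submitted value is the three characters '=' so the clause reads:
SELECT COUNT(*) AS matched
  FROM admin_demo
 WHERE vchadmin_name = 'admin' AND BINARY vchadmin_pass=''='';
-- MySQL evaluates the chained comparison left to right. The first comparison
-- (stored password against the empty string) is false, i.e. 0. The second
-- compares that 0 with '', and MySQL casts '' to the number 0, so the whole
-- condition is true and the row is counted without the password being known.

-- The two steps in isolation, for inspection:
SELECT ('S3cret-constructed' = '') AS step1_pass_equals_empty,
       (0 = '')                    AS step2_zero_equals_empty;

-- 2) The same comparison with the value bound as a parameter. The bound
--    value is only ever data: its quote characters cannot change the clause.
PREPARE login_stmt FROM
  'SELECT COUNT(*) AS matched
     FROM admin_demo
    WHERE vchadmin_name = ? AND BINARY vchadmin_pass = ?';

SET @name = 'admin';
SET @pass = '''=''';               -- the literal three characters '='
EXECUTE login_stmt USING @name, @pass;
-- Here the stored password is compared with the string '=' itself, so the
-- row matches only if that string really is the stored password.

SET @pass = 'S3cret-constructed';  -- the constructed correct value
EXECUTE login_stmt USING @name, @pass;

DEALLOCATE PREPARE login_stmt;
DROP TABLE admin_demo;
```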
Always use a password security mechanism to secure your password. Always follow the security guidance in the MySQL manual before applying security to a MySQL password.
But when retrieving data, you can use the HEX() function to convert it to hexadecimal format.
As below:
HEX(vchadmin_pass)=HEX('YOur password')
Or use MD5() or another of the functions mentioned in the table below.
So always follow password security practice. You can encrypt or decrypt the password when storing it using
the following table :