[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cyrus-sasl
Subject:    Re: MySQL crypt auxprop
From:       Scott Russell <lnxgeek () us ! ibm ! com>
Date:       2003-02-27 2:22:03
[Download RAW message or body]


On Wed, Feb 26, 2003 at 05:33:03PM -0500, Rob Siemborski wrote:
> On Wed, 26 Feb 2003, Philon Terving wrote:
> 
> > Does all this speaking mean that one finally can uses encrypted passwords in
> > the mysqldb and still be able to use MD5 encryption on the connection?
> 
> Well, sure, if you store the decryption key right next to the database.
> 
> But then, the encryption doesn't really matter, does it?

We use encode()/decode() with a salt to keep the passwds in mysql
encrypted. The reason we bother to even do anything is to keep the
plain text passwds from flowing across the wire unecrypted during
database replication on our Intranet.

While this is by no means full proof it is one more hurdle (or speed
bump as the case maybe) for someone looking to get imap user/pass
pairs from our boxes.

-- 
  Scott Russell (lnxgeek@us.ibm.com)
  Linux Technology Center, System Admin, RHCE.
  Dial 877-735-8200 then ask for 919-543-9289 (TTY)


[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]