On 2/10/06, Wilson Bilkovich <wilsonb / gmail.com> wrote:
> On 2/10/06, trevor <trevor / idvertise.com> wrote:
> > Pat Maddox wrote:
> > > Wouldn't you have to store the password SOMEWHERE?  This comes up
> > > periodically on the list so do a search to find what discussion has
> > > already been had.
> > >
> > > Anyway, if you encrypt the password then somehow it would have to be
> > > decrypted, so you'd have to keep a readable key somewhere.  Bottom
> > > line is that as long as you have correct file permissions you'll be
> > > fine.
> > >
> > > Pat
> >
> > ok, again I'm a bit confused by this.  (sorry if it has been discussed,
> > I did a search and could not find an answer)
> >
> > so if that is the case, why does basically every other password
> > mechanism I can think of not just use plain text, and just rely on
> > having "correct file permissions"?  I'm curious then, where does mysql
> > store its usernames and passwords?  are they available in plaintext
> > somewhere on my hard drive too?
> >
> > I'm not being sarcastic...I just don't quite get it...
> >
>
> Typically the server component (like MySQL) doesn't store your
> password at all.  It merely stores enough information to verify that
> you've presented it with the correct password, but not enough to
> actually figure out what the password is, if someone stole the hard
> disk.
>
> A better analogy is that the database.yml file is like your keyboard.
> At some point, you have to punch the password in with your fingers,
> and if someone is watching you, they can record what you typed.

Exactly.  If you design an authentication system for your app, chances
are you don't store the password in the db, but instead store a hashed
version of it.  Then when your user logs in, your program will hash
the pass and compare it to what's in the db.  I don't know the exact
implementation, but I imagine that's roughly what goes on when you
authenticate to MySQL.

Every single password-based authentication mechanism is going to have
some place where the password is in plain text.  What you should be
trying to do is ensure that only one layer of the system has the
unencrypted password, and that you have the minimum layers necessary so you
don't have many points of failure.

Pat
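The store-a-hash-and-compare scheme Pat describes above, as an added example that is not part of the thread and not a description of MySQL's own mechanism. It uses only Ruby's standard library (OpenSSL's PBKDF2 and SecureRandom); the module name, record format and parameter values are assumptions chosen for illustration. It shows the two halves of the idea: the server keeps a random per-user salt plus a slow salted hash (never the password), and a login is checked by recomputing the hash from the presented password and comparing in constant time. Note this is the verifier side only; the client that presents the password (your app reading database.yml, say) still has to hold it in the clear somewhere, which is exactly the point made in the thread.

```ruby
require "openssl"
require "securerandom"

# Added example, not code from the mailing-list thread. All names and
# parameters below are assumptions for illustration.
module PasswordStore
  ITERATIONS = 100_000   # PBKDF2 work factor; raise it as hardware gets faster
  KEY_LEN    = 32        # derived-key length in bytes (SHA-256 output size)
  DIGEST     = "sha256"

  # Build the string that goes in the users table. It carries the algorithm,
  # iteration count and random salt, so each record is self-describing and two
  # users with the same password get different stored values.
  def self.hash_password(password, iterations: ITERATIONS)
    salt = SecureRandom.random_bytes(16)
    key  = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_LEN, DIGEST)
    ["pbkdf2-#{DIGEST}", iterations, salt.unpack1("H*"), key.unpack1("H*")].join("$")
  end

  # Check a login attempt against a stored record. Recomputes the hash with the
  # record's own salt and parameters and compares in constant time. Returns
  # false (never raises) on a malformed or nil record, so a corrupted row can't
  # be turned into a successful login.
  def self.verify(password, stored)
    algo, iter, salt_hex, key_hex = stored.to_s.split("$", 4)
    return false unless algo == "pbkdf2-#{DIGEST}"
    return false unless iter.to_s =~ /\A\d+\z/ && iter.to_i > 0
    return false unless salt_hex.to_s =~ /\A\h+\z/ && key_hex.to_s =~ /\A\h+\z/

    salt     = [salt_hex].pack("H*")
    expected = [key_hex].pack("H*")
    actual   = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iter.to_i, expected.bytesize, DIGEST)
    secure_compare(actual, expected)
  end

  # Constant-time byte comparison: the loop always runs over every byte, so the
  # time taken does not leak how many leading bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  record = PasswordStore.hash_password("correct horse battery staple")
  puts "stored record: #{record}"
  puts "right password: #{PasswordStore.verify('correct horse battery staple', record)}"
  puts "wrong password: #{PasswordStore.verify('Tr0ub4dor&3', record)}"
end
```

The record never contains anything a thief of the database can turn back into the password without a brute-force guess per user, which is what the per-user salt and the iteration count are there to make expensive.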