help with password validation

[rbauerle]

I have to compare the user's passwd to the one in my db. The passwd was inserted in db with
INSERT INTO table (fileds ... passwd) VALUES (values ... PASSWORD('typed_password')).
I already tried to compare in two ways:
SELECT * FROM table WHERE passwd = PASSWORD('typed_passwd')
and
SELECT * FROM table WHERE passwd LIKE PASSWORD('typed_passwd').

Please, answer asap.
Thanks a lot, rbauerle.

 

[karluk]

Your first select looks right to me.

SELECT * FROM table WHERE passwd = PASSWORD('typed_passwd')

I'm assuming that PASSWORD is a function that encodes the typed password. If you store PASSWORD('typed_passwd') and then compare it later to PASSWORD('typed_passwd') of a new login attempt, you should get a match if and only if the two typed passwords match. That's, of course, if the PASSWORD function doesn't contain any randomizing based on time-of-day or something else that has changed.

What happens when you execute

select PASSWORD('xyz') from dual;

two consecutive times? You should get the same value. Is that what happens?

 

[rbauerle]

We always get the same value.
It's working now. Just don't ask me what I did for this to work 'cuz I don't know.

Anyway, yhank you.

 

[r937]

karluk, PASSWORD is a mysql function

if you were to select something from DUAL in mysql, you'd get a "table not found" error

sorry, couldn't help myself

bad enough that people ask database-specific questions in the ansi sql forum, we should always try to give ansi sql answers

that said, i find DUAL extremely useful when working with Oracle, in fact i often duplicate the concept in other database systems, just for queries such as the one you suggested

i don't call it DUAL, though, i call it OOAK (one of a kind) after the record of the same name in IDMS, a network database back in the 70's

rudy