Beefy Boxes and Bandwidth Generously Provided by pair Networks Cowboy Neal with Hat
Problems? Is your data what you think it is?
 
PerlMonks  

Re: comparing md5 hashed passwords

by hesco (Deacon)
on Feb 16, 2006 at 15:03 UTC ( [id://530765]=note: print w/replies, xml ) Need Help??

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.


in reply to comparing md5 hashed passwords

This works like a charm, authenticating plain text tokens. But I haven't been able to figure out how to get it to work against digested passwords.

I must be missing something here:

mysql> select uid, username, password from userdb;
+-----+------------+------------------------------------------------+
| uid | username   | password                                       |
+-----+------------+------------------------------------------------+
|   2 | hesco      | password                                       |
|  35 | md5        | 05;X@9WL<JL&TU3!8@`L&[P``
                     |
|  36 | md5_hex    | @-35B93(P-C<W8C%C86%C,6(T9#4S,#4X.#`P8C`V968`
 |
|  37 | md5_base64 | 65F(T9UHS<V-Q<T<P,51"66=!<T<W=P``
             |
+-----+------------+------------------------------------------------+
4 rows in set (0.00 sec)

[download]
I'm using some code that wraps around DBIx::UserDB to build and manipulate a database of authentication keys. I want to access those tables with the CGI::Application::Plugin::Authentication to guard the entrance to applications built behind that front door.

The four users above all have the password "password", encoded, to the best of my knowledge using the method indicated by their username. I changed this line of code in the CreateUser subroutine to make the changes.

sub CreateUser {
  my($userdb,$username,$password)=@_;
  print STDERR "Running Create User Subroutine.\n";
  # store md5 hash of password
  # my $digest = md5($password);
  # my $digest = md5_hex($password);
  # my $digest = md5_base64($password);

  # my $user = { username => $username, password => $digest };
  my $user = { username => $username, password => $password };
  $user = $userdb->user_create( $user );
  return;
}

[download]
I changed this line of code in the DRIVER definition to test my ability to connect. 
  DRIVER => [ 'DBI',
    DBH         => $authdb,
    TABLE       => 'userdb',
    CONSTRAINTS => {
      'userdb.username' => '__CREDENTIAL_1__',
      'userdb.password' => '__CREDENTIAL_2__'
      # 'MD5:userdb.password' => '__CREDENTIAL_2__'
      # 'MD5_hex:userdb.password' => '__CREDENTIAL_2__'
      # 'MD5_base64:userdb.password' => '__CREDENTIAL_2__'
    },
  ],

[download]
Is there some other way I should be doing this?

-- Hugh

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://530765]
help
Sections?
Information?
Find Nodes?
Leftovers?
    Notices?
    hippoepoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
    erzuuliAnonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.