Hi,

Sorry for the little off-topic, but the vpoopmail list is kind of dead.

I'm running a qmail server with vpopmail with MySQL authentication.

=46or obnoxious reasons, I'm running a web site in Windows/ASP.NET/C# t=
hat
once a user registers, it inserts in the MySQL qmail server the
username, password, etc.

It's in the password that the problem lies.
I need to hash it just before or after the MySQL INSERT statement.
=46or that, I have to run a PHP shell script that follows my signature.

Problem is MySQL doesn't run external commands.

Any ideas ?

Any help would be appreciated.

Warm Regards,
M=E1rio Gamito

--

<?php

function randltr() {
$retval =3D 'a';
$rand =3D rand() % 64;
if ($rand < 26) $retval =3D $rand + 'a';
if ($rand > 25) $retval =3D $rand - 26 + 'A';
if ($rand > 51) $retval =3D $rand - 52 + '0';
if ($rand =3D=3D 62) $retval =3D ';';
if ($rand =3D=3D 63) $retval =3D '.';
return($retval);
}

function mkpasswd3(&$clearpass, &$crypted) {
srand ((double)microtime()*1000000);

$salt =3D '$1$';
for ($i =3D 0; $i < 5; $i++) $salt .=3D randltr();
$salt .=3D '0';
$crypted =3D crypt($clearpass, $salt);
if (strlen($crypted) > 0) return(true);
return(false);
}

$clearpass =3D 'yeshua';
$crypted =3D '';

if (mkpasswd3($clearpass, $crypted))
printf("%s -> %s\n", $clearpass, $crypted);
else
echo("Ohoh");
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Words by M=E1rio Gamito [Wed, Feb 20, 2008 at 12:35:26AM +0000]:
> Hi,
>
> Sorry for the little off-topic, but the vpoopmail list is kind of dea=
d.
>

So is the diablo mailing list and I don't see any diablo nntp related
questions here.

> I'm running a qmail server with vpopmail with MySQL authentication.
>
> For obnoxious reasons, I'm running a web site in Windows/ASP.NET/C# t=
hat
> once a user registers, it inserts in the MySQL qmail server the usern=
ame,
> password, etc.
>
> It's in the password that the problem lies.
> I need to hash it just before or after the MySQL INSERT statement.
> For that, I have to run a PHP shell script that follows my signature.
>
> Problem is MySQL doesn't run external commands.
>

All that does is generate a random md5 salt and do an md5 crypt of the
password. Why would you want to run that on an external command? I
guess you can easily do it on c#.

>
> <?php
>
> function randltr() {
> $retval =3D 'a';
> $rand =3D rand() % 64;
> if ($rand < 26) $retval =3D $rand + 'a';
> if ($rand > 25) $retval =3D $rand - 26 + 'A';
> if ($rand > 51) $retval =3D $rand - 52 + '0';
> if ($rand =3D=3D 62) $retval =3D ';';
> if ($rand =3D=3D 63) $retval =3D '.';
> return($retval);
> }
>
> function mkpasswd3(&$clearpass, &$crypted) {
> srand ((double)microtime()*1000000);
>
> $salt =3D '$1$';
> for ($i =3D 0; $i < 5; $i++) $salt .=3D randltr();
> $salt .=3D '0';
> $crypted =3D crypt($clearpass, $salt);
> if (strlen($crypted) > 0) return(true);
> return(false);
> }
>
> $clearpass =3D 'yeshua';
> $crypted =3D '';
>
> if (mkpasswd3($clearpass, $crypted))
> printf("%s -> %s\n", $clearpass, $crypted);
> else
> echo("Ohoh");
> -

--
Jose Celestino
------------------------------------------------------------ ----
http://www.msversus.org/ ; http://techp.org/petition/show/1
http://www.vinc17.org/noswpat.en.html
------------------------------------------------------------ ----
"If you would have your slaves remain docile, teach them hymns."
-- Ed Weathers ("The Empty Box")
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Respondo outra vez quando tiver recebido este e-mail. Amanha pelas
00:35.

Words by M=E1rio Gamito [Wed, Feb 20, 2008 at 12:35:26AM +0000]:
> Hi,
>
> Sorry for the little off-topic, but the vpoopmail list is kind of dea=
d.
>

--
Jose Celestino
------------------------------------------------------------ ----
http://www.msversus.org/ ; http://techp.org/petition/show/1
http://www.vinc17.org/noswpat.en.html
------------------------------------------------------------ ----
"If you would have your slaves remain docile, teach them hymns."
-- Ed Weathers ("The Empty Box")
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Hi,

M=E1rio Gamito wrote:
> For obnoxious reasons, I'm running a web site in Windows/ASP.NET/C# t=
hat
> once a user registers, it inserts in the MySQL qmail server the
> username, password, etc.
>
> It's in the password that the problem lies.
> I need to hash it just before or after the MySQL INSERT statement.
> For that, I have to run a PHP shell script that follows my signature.

There is an encrypt function in MySQL:

http://dev.mysql.com/doc/refman/5.0/en/encryption-functions. html#functi=
on_encrypt

but it is only available on systems which have a system crypt call (not=

Windows according to the docs). However if your MySQL database is
running on Linux you should be able to just change the insert statement=

in the C# code to something like:

insert into user_details values("username", encrypt("password"), ...);

and not bother with the php script. If the database is on Windows, the=
n
there are other encrytion functions available. There is a User Comment=

at the bottom of the above web page (search for "Philip Mather") which
discusses using a trigger to achieve something that sounds similar to
what you want.

There are lots of other options, of course, but my first route would
always be to modify existing code. You might want to be careful,
however, that you aren't breaking any license agreement before going
ahead and modifying anything. If the code is unavailable or protected
then you can just put a trigger on the user_details table in the
database and encrypt the password there.

Hope some of that helps.

Cheers

Adam
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Jose Celestino wrote:
>> Problem is MySQL doesn't run external commands.
>>
>
> All that does is generate a random md5 salt and do an md5 crypt of the
> password. Why would you want to run that on an external command? I
> guess you can easily do it on c#.

If you are going to go this route, you might want to take a look at this
port of the crypt function:

http://www.codeproject.com/KB/cs/unixcrypt.aspx

Cheers

Adam
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On Feb 20, 2008 3:52 AM, Adam T. Bowen <adamb [at] agitate.org.uk> wrote:
>
> Jose Celestino wrote:
> >> Problem is MySQL doesn't run external commands.
> >>
> >
> > All that does is generate a random md5 salt and do an md5 crypt of the
> > password. Why would you want to run that on an external command? I
> > guess you can easily do it on c#.

This one should help, mysql allows password hashing
http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html

>
> If you are going to go this route, you might want to take a look at this
> port of the crypt function:
>
> http://www.codeproject.com/KB/cs/unixcrypt.aspx
>
> Cheers
>
> Adam
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo [at] vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html