Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Hashing in phpMyAdmin

I have a mySQL database and I am using phpMyAdmin to access it. The database has table employees with fields like name, address, email and password.

Initially the password field was just VARCHAR (20). But now I want to hash my password with SHA-256 hashing technique.

I do not have much experience with databases so I want to know is -

  1. can I hash all my current employees passwords without affecting the other fields or the entire table?

  2. In future when I am entering data in the database (from a web application), where do I write the hashing function to hash the password? i.e. does the hashing occurs at the front end and then the hashed password is stored in the DB or the password goes to the DB where it is hashed and then stored.

Solution and Suggestions are appreciated.

like image 785
codeinprogress Avatar asked Aug 08 '12 09:08

codeinprogress


2 Answers

Q1: Can I hash all my current employees passwords without affecting the other fields or the entire table?

A: Yes. But you need to alter the size of your column of the password by 40-42. You will use the PASSWORD( ) built-in function to encrypt your password

ALTER TABLE tableName MODIFY `password` VARCHAR(42); 

after that you can now update the password column

UPDATE tablename
SET     `password` = PASSWORD(`password`);

ex.)

abcde12345 => *20B30AFAF441808B50273EDA287132EC25B02DE2

Q2: In future when I am entering data in the database (from a web application), where do I write the hashing function to hash the password?

A: In your INSERT query

INSERT INTO tableName (name, address, email, password) 
VALUES ('aa','bb',''cc,PASSWORD('abcde12345'))

when you want to search for the password, encrypt first the text:

SELECT *
FROM   tableName
WHERE `password` = PASSWORD('abcde12345')

one more thing, don't forget to escape your Password column with backtick since it is a MySQL Reserved Word.

like image 148
John Woo Avatar answered Oct 17 '22 13:10

John Woo


You can hash the password in php and then store it in the DB:

$pwd = hash('sha256',$_POST['password']);

MySQL does not support sha256 function so you need to hash by code and then store/update your password table. Otherwise you can consider this http://stuge.se/mysql-sha256/

like image 1
matteomattei Avatar answered Oct 17 '22 12:10

matteomattei