Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use the case-sensitive for MySQL password field?

I have user login but user can login with case-insensitive way Means if your password is 'test' then user able to login with 'TEST' password.
I want to avoid the such type authentication on my password field.

like image 882
SKu Avatar asked Dec 12 '11 11:12

SKu


People also ask

How do I make MySQL password case sensitive?

but in case of login function we just do SELECT * FROM tbl WHERE password = aBc will be case sensitive and only consider password with aBc value.

Can you make MySQL case sensitive?

By default, it depends on the operating system and its case sensitivity. This means MySQL is case-insensitive in Windows and macOS, while it is case-sensitive in most Linux systems. However, you can change the behavior by changing collation. Last but not least: MS SQL Server.

Is MySQL field name case sensitive?

Table and database names are stored on disk using the lettercase specified in the CREATE TABLE or CREATE DATABASE statement, but MySQL converts them to lowercase on lookup. Name comparisons are not case-sensitive.

Are values in MySQL case sensitive?

Show activity on this post. By default MySQL queries are not case-sensitive. the case sensitivity of the underlying operating system plays a part in the case sensitivity of database and table names. This means database and table names are not case sensitive in Windows, and case sensitive in most varieties of Unix.


2 Answers

The easiest way is to use the binary keyword in your query use:

SELECT /*fields*/ FROM table WHERE /* where clause */ BINARY password = "userpassword"

OR

use the strcmp in your PHP code:

You can use this also if you store hashed or encrypted password which I recommend.

like image 97
Book Of Zeus Avatar answered Sep 30 '22 19:09

Book Of Zeus


I guess you are storing passwords in clear. That's not only pretty insecure, it's also unnecessary in most situations. My advice is to store passwords in two columns, e.g.:

password_salt VARCHAR(16)
password_hash VARCHAR(40)

Before storing a new password, take the password provided by the user ($clear_password), create a random string ($salt) and use both to create a hash (sha1sum($salt . $clear_password). Store both the salt and the hash and discard the clear password.

To validate a password, retrieve the stored salt for the given user, generate the hash and see if it matches with the hash in DB.

This technique is called salted passwords.

like image 39
Álvaro González Avatar answered Sep 30 '22 20:09

Álvaro González