I've been using this module for some time now. I recently configured it for use with a new user db on a newly created Apache server. The problem I'm having is that sometimes the passwords are validated, although frequently they are not.
The scenario goes like this: I create a user with a password. The password will never work using mod_auth_mysql. Then, I go through some iterations of updating the password (using a PHP password update form), and then after about 4 password update iterations, finally I get one that works with mod_auth_mysql (all using the same password input string). This password will continue to work upon each usage (in mod_auth_mysql) after that. Then I update the password again, and at that point it will no longer validate with mod_auth_mysql.
I hope this is understandable.
This is using crypt Standard DES encryption; the mod_auth_mysql module is the latest available (3.0), with Apache 2.0.55 on Solaris 8.
Any ideas?
More details: the passwords in the MySQL db are properly validated using Perl in one security scheme, and PHP in another. I'm not sure why this C implementation would have trouble. Also, only when the resulting encrypted password (stored in MySQL) contains one of the special characters `[] _^@ does the problem occur. All other resulting encrypted strings work fine.
Any help here would be greatly appreciated.
Your problem was probably the backslash ('\') character (ASCII 92). In C this is used as an escape character, i.e. the sequence '\n' is a new line character, not a backslash and an n.
In PHP this is also true if it's enclosed in double quotes ("), but not single quotes ('). Don't know about Perl.
The salt I was generating was from ASCII 64-126.
The special characters causing problems were in the salt in all but one case, and the one case was likely a result of a salt out of the typical range.
From other similar algorithms I noticed that the salt is typically in the range a-zA-Z0-9. Making this change fixed the problem.
Odd that Perl and PHP seem a bit more forgiving in this area.
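The salt-range issue described in the post above, as an added example that is not part of the original thread or of mod_auth_mysql: it contrasts a generator drawing from ASCII 64-126 with one restricted to the 64-character set documented for traditional DES crypt(3) (a-z, A-Z, 0-9, plus "." and "/"), and audits stored hashes for out-of-set salts. All function names and the sample rows are assumptions made for illustration.

```python
import secrets
import string

# Salt alphabet documented for traditional DES crypt(3): 64 characters.
CRYPT_SALT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase


def legacy_salt(rng_bytes):
    """'Before' form: two salt characters taken from ASCII 64-126, as in the thread."""
    return "".join(chr(64 + b % 63) for b in rng_bytes[:2])


def portable_salt():
    """Corrected form: two characters from the crypt(3) alphabet, chosen with a CSPRNG."""
    return "".join(secrets.choice(CRYPT_SALT_ALPHABET) for _ in range(2))


def salt_is_portable(salt):
    """True only for a two-character salt made entirely of crypt(3) alphabet characters."""
    return len(salt) == 2 and all(c in CRYPT_SALT_ALPHABET for c in salt)


def non_portable_in_range(lo, hi):
    """Characters in the ASCII range lo..hi (inclusive) that fall outside the alphabet."""
    return "".join(chr(c) for c in range(lo, hi + 1) if chr(c) not in CRYPT_SALT_ALPHABET)


def audit_hashes(rows):
    """Return usernames whose stored DES crypt hash needs to be regenerated.

    rows: iterable of (username, stored_hash). A DES crypt hash is 13
    characters long and its first two characters are the salt.
    """
    return [user for user, stored in rows
            if len(stored) != 13 or not salt_is_portable(stored[:2])]


# Constructed sample rows: placeholder strings shaped like DES crypt output, not real hashes.
SAMPLE_ROWS = [
    ("alice", "ab" + "X" * 11),   # salt inside the alphabet
    ("bob",   "@[" + "X" * 11),   # salt from the 64-126 range, outside the alphabet
    ("carol", "z_" + "X" * 11),   # one bad salt character is enough
    ("dave",  "./" + "X" * 11),   # "." and "/" are valid salt characters
]

if __name__ == "__main__":
    print("outside alphabet in 64-126:", non_portable_in_range(64, 126))
    print("accounts to re-hash:", audit_hashes(SAMPLE_ROWS))
```

Accounts flagged by the audit need their password re-hashed with a salt from the alphabet the next time the user sets it.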