 |  |  |  |  |  |  |  |
Query that retrieves an MD5 hash of a password from the seeded MD5 hash
Please support our MySQL advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Sep 2005
Posts: 1,075
Reputation: 
Solved Threads: 66
Please excuse the length of this post:
I'm trying to integrate OpenFire (XMPP Server) with a Joomla (CMS) user database.
Openfire allows authentication against an external database by editing its configuration.
In the configuration you have to supply the query that will retrieve the password from the external database, given the username.
eg:
The password supplied by the client will be plain text. The comparison with the query result can be plain text or MD5/SHA-1 hash.
quoting the docs:
The problem is that Joomla saves passwords as the MD5 hash of the plaintext password and a random seed. The seed is then appended to the end of the resulting hash in the password column.
eg:
If the user password is "test". Then Joomla will generate a random seed, 'xyz' and generate the hash:
It will then save the password field as:
So when a user authenticates, they send in a plain text password.
'test'. The password for that user is retrieved from the db, and split into the hash and seed.
The plain text pass is then again concatenated with the seed, MD5 hashed and compared with the existing hash in the DB.
Now for the question:
At the moment, I have integration set to plain-text and the SQL Query to:
But this means the whole password column must be supplied into the IM client to log into an account. What I want is to configure a query that will return just the MD5 hash of the password, or at least work within the restrictions given for the query, to allow using the actual password in the IM client.
My understanding is it isn't possible since MD5 cannot be reversed within a MySQL query, but I'd just like to pose the question in case there is a work around...
I'm trying to integrate OpenFire (XMPP Server) with a Joomla (CMS) user database.
Openfire allows authentication against an external database by editing its configuration.
In the configuration you have to supply the query that will retrieve the password from the external database, given the username.
eg:
MySQL Syntax (Toggle Plain Text)
The password supplied by the client will be plain text. The comparison with the query result can be plain text or MD5/SHA-1 hash.
quoting the docs:
•
•
•
•
# jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
# jdbcAuthProvider.passwordType -- the type of the password. Valid values are "plain" (the password is stored as plain text), "md5" (the password is stored as a hex-encoded MD5 hash) and "sha1" (the password is stored as a hex-encoded SHA-1 hash). If this value is not set, the password type is assumed to be plain.
eg:
If the user password is "test". Then Joomla will generate a random seed, 'xyz' and generate the hash:
MySQL Syntax (Toggle Plain Text)
It will then save the password field as:
MySQL Syntax (Toggle Plain Text)
So when a user authenticates, they send in a plain text password.
'test'. The password for that user is retrieved from the db, and split into the hash and seed.
The plain text pass is then again concatenated with the seed, MD5 hashed and compared with the existing hash in the DB.
Now for the question:
At the moment, I have integration set to plain-text and the SQL Query to:
MySQL Syntax (Toggle Plain Text)
But this means the whole password column must be supplied into the IM client to log into an account. What I want is to configure a query that will return just the MD5 hash of the password, or at least work within the restrictions given for the query, to allow using the actual password in the IM client.
My understanding is it isn't possible since MD5 cannot be reversed within a MySQL query, but I'd just like to pose the question in case there is a work around...
www.fijiwebdesign.com - web design and development and fun
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!
Cpanel Email - Let users Register email accounts on your website upon registration
Ajax Chat - Fully browser based chat!
|
Other Threads in the MySQL Forum
- Previous Thread: Do you have trouble connecting to mysql database using the odbc mysql 5.1 driver
- Next Thread: Wordpress 2.6 & SQL table prefix Question
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest MySQL Posts
- Today's Posts
- Unanswered Threads
agplv3 alfresco amazon api artisticlicense aws breathalyzer camparingtocolumns changingprices cmg communityjournalism contentmanagement contractors copyright count court crm database design developer development distinct drupal dui ec2 email enterprise eudora facebook form foss gartner gnu government gpl greenit groklaw groupware hiring hyperic images innerjoins insert ip joebrockmeier join journalism keyword keywords kickfire laptop law legal license licensing linux maintenance managing matchingcolumns metron micromanage microsoft microsoftexchange mindtouch montywidenius mozilla multiple music mysql mysqlcolumnupdating mysqldatetimeordermax() mysqlindex mysqlinternalqueries mysqlquery mysqlsearch news open-xchange opendatabasealliance opengovernment opensource oracle penelope php priceupdating query referencedesign reorderingcolumns resultset saas select sharepoint sourcecode spotify sql sugarcrm syntax techsupport thunderbird transparency virtualization
