Java linux HTML qmail C++ PHP Debian MySQL ASP JavaScript perl Delphi NetBSD Solaris etc etc etc [...]






Page: 1 2 3 4 5 6 7 8 9 10


Comments:
<will> In all honesty, MySQL doesn't know what marble was put in last. You have to 'tag' it somehow, like an autoinc or timestamp.
<arrase> the last INSERT INTO tabla (col1, col2, ...) VALUES('valor1', 'valor2', ...);
<arrase> ok
<murdoc> hmm..
<murdoc> well what you can do is... use search max id
<murdoc> since you have it auto increment
<murdoc> the max id must be your last entry since it goes up when you add a new entry
<will> !man last insert id
<SQL> (How to Get the Unique ID for the Last Inserted Row) : http://dev.mysql.com/doc/mysql/en/Getting_unique_ID.html
<will> Also look at that.
<arrase> thanks for all
<Guss77> Hello people
<will> Hello aliens
<Guss77> :-)
<Guss77> I have a password question, if you please, regarding the old-vs-new scheme
<will> WHAT ABOUT IT?



<Darien> your question-withholding abilities frighten and excite me
<Daveman> Hi Darien :)
<will> RUN DARIEN RUN!
<Guss77> I have a database with passwords stored using the password() function. most of them were generated under MySQL 4.0 with old-passwords, and some with the new password() call
<Guss77> I'm using pam-mysql for authentication, and with some trickery I can get both types to auth correctly
<Guss77> now the problem - how do I do the same in plain SQL ?
<will> oh baby
<Daveman> :O
<Daveman> omfg
<Darien> wait a minute
<infi> quit stalking me, Daveman
<Darien> do NOT tell me you're using password() outside of setting the password for MySQL users
<Daveman> You stop stalking me!
<Daveman> plus I don't even like you, infibot :)
<Daveman> heehee
<Daveman> haha Darien :P
<Daveman> they triiiiiiiiiiiiicked youuuuuuuuuuu :P
<Guss77> anybody ?
<Daveman> haha, silly noobs :)
<infi> DELETE Daveman FROM #mysql;
<Darien> Guss77: dude, I just addressed you
<Daveman> infi, pass.
<Darien> Guss77: are you using the password() function outside of the mysql.users table?
<Daveman> infi: and fyi, you need to unlock the row(s) in question first, noob.
<Daveman> ;p
<Guss77> I am. why ?
<infi> heh
<Darien> DO NOT DO THIS
<Darien> !m Guss77 password
<SQL> Guss77: (Access Control, Stage 1: Connection Verification) : http://dev.mysql.com/doc/mysql/en/Connection_access.html
<Guss77> sorry - I'm terribly lagging.
<Guss77> yea, I know all about that
<Daveman> Darien, how's CPUnerd doing? :)
<Darien> hmm
<Darien> that's not what I wanted
<Darien> anyway, the manual states very explicitly
<Darien> password() is designed for use in the MySQL authentication scheme ONLY
<Darien> it is NOT AN ACCEPTABLE PASSWORD MECHANISM FOR APPLICATIONS
<Darien> endcaps
<Darien> for that you should be using MD5 or (preferably) SHA-256
<Darien> I don't mean to be a ****, but I must stress this very strongly
<Darien> Guss77: I would strongly suggest switching to using SHA() for passwords
<Guss77> currently its not an option. I have a large userbase to maintain and I can't get them all to log in and change the password
<Darien> you don't necessarily have to
<Guss77> ahmm. please explain ?
<Darien> you could do it completely transparently
<Darien> add another password column
<Darien> then, when a user logs in, you check
<Guss77> no I can't because I don't have the cleartext
<Darien> listen to me
<Darien> stop talking
<Darien> add another password column
<Darien> when the user logs in you check to see if their row has an entry in the new SHA1 column
<Darien> if so, you do a SHA hash and check that
<Darien> if not, you check the old password format(s)
<Darien> if those match, then the user is authenticated
<Guss77> hmm.. interesting. I actually don't need another column for that. (I currently use both new and old passwords in the same column. I can add sha1 or whatever)
<Darien> now you have the cleartext, you generate the SHA1 hash, and then remove the old entries from the database
<Darien> you could do that too



<Guss77> problem is - I'd need to patch pam-mysql to do that :-(
<Darien> why?
<Guss77> I don't think it has that option
<Darien> to sha hash?
<Guss77> to do the update
<cmorgan> is there an efficient way using sql to aggregate datetime values into 'hour' or 'day' bins? i want to aggregate values that may be added during an hour into an hourly total
<Guss77> basically - I have to wait for a user to login using the old password - they can only do this using pam-mysql currently.
<Guss77> so I have to "fix" pam-mysql to do the replacement for me.
<Darien> aha
<Darien> that's true
<Guss77> hmm.. or easier - I can get it to log the clear text and then have something analyze the logs and do the update myself.
<Darien> true
<Guss77> heh - that would work :-) thanks !
<Darien> security implications
<Guss77> of course, always :-)
<Darien> I recommend storing the data in memory for a while and then writing it to an encrypted file on disk
<Darien> via gpg
<Darien> but that's me
<Darien> realistically, you could log to a line printer and no one would be the wiser
<Guss77> I agree with your security analysis, but that would be to much work to put in a simple hack
<Darien> true
<Guss77> currently pam-mysql offers logging to a database table, so I can override that to log the clear text into a table only pam-mysql has write access and only me have read access.
<Darien> nice
<Darien> hey
<Guss77> cmorgan: you can use temporary tables for that
<Guss77> hey ?
<cmorgan> Guss77: sure
<Darien> you could use DES_ENCRYPT() and DES_DECRYPT()
<cmorgan> Guss77: the question is how to get the time ranges
<Darien> that only works if you have SSL support though
<Guss77> cmorgan: there are some useful date functions in the manuak
<Xgc> cmorgan: select hour(now())
<Guss77> problem is, DES is almost clear text for anyone with a modern computer
<jpm_> cmorgan: group by date(created_date) ?
<cmorgan> Xgc: i was planning to run this on a daily basis
<Darien> Guss77: *almost* :p
<Guss77> although, probably not on texts as short as a password.
<Darien> you could use AES
<cmorgan> jpm_: works for grouping by hours?
<jpm_> sure, it's just sql
<jpm_> why wouldn't it
<Guss77> Yes - I can do that :-) thanks a lot !
<Darien> :)
<Darien> use a binary password too, then they won't even be able to run 'strings' on the binary to get the password out to decrypt
<Darien> unicode ftw
<Xgc> cmorgan: The point is you can group by that type of expression.
<Squee> Table: posts (post_id, title, description, post_time)
<Squee> Table: pictures (post_id, picture_id, filename)
<cmorgan> Xgc: i'm not seeing it
<Xgc> cmorgan: SELECT ... FROM table1 GROUP BY hour(field1)
<Darien> bedtime
<Darien> Guss77: enjoy :)
<Guss77> thanks :-) good night
<cmorgan> Xgc: that will group things from the same hour on multiple days right?
<Xgc> cmorgan: Yes. But you can add grouping fields, if you wish.
<cmorgan> Xgc: right
<Guss77> Squee: I think so. IIRC Mysql has a rand function
<cmorgan> Xgc: how to group by multiple things? group by date(datetimefield), hour(datetimefield) ?
<cmorgan> Xgc: in the same query that is(sorry to be confusing)
<Xgc> cmorgan: That's the right form.
<cmorgan> Xgc: thats pretty neat. let me try that out. i was worried i'd need do issue dozens or hundreds of queries combined with logic on the client side(php server in this case), this looks nice
<Xgc> cmorgan: No need for that.
<Squee> guss77: yeah there's a random function but how to do a sub query with a random query is where i have no idea.
<Guss77> Squee: heh - I can see your problem :). gimme a minute
<Squee> sure thing.
<cmorgan> Xgc, Guss77, jpm_: thanks for the help guys
<Guss77> Squee: you want a random row. thats the problem
<Guss77> I thought to use limit, but it doesn't accept function output
<Guss77> what I could do - of the top of my head, is make your query (with the right join) and dump it into a temp table with an additional row of random number, then get the highest random value. or something like that
<arrase> ok i have a way for take only the last entry thank for all :)
<Guss77> but it sounds clunky. I'm sure there's a better way


Name:

Comments:

Please enter the result of the sum 63 + 46 (to avoid spam):






Return to #mysql
or
Go to some related logs:

perl
opsec fedora
outline dragging ubuntu
Creative VF0040BP Linux
linux restart the process if it dies
perl
debian+smtpd_check_rules
math
ubuntu uninstall vnc4server
Gtk-WARNING **: cannot open displa