[squid-users] squid authentication to remote sql server
Yuri Voinov
yvoinov at gmail.com
Tue Feb 10 21:46:25 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Amos, MD5 insufficient. As minimum, SHA256 with salt. New Oracle RDBMS
use SHA to store user's password.
And don't forget about SQL Injection and password cracking farms..........
11.02.15 3:28, Amos Jeffries пишет:
> On 11/02/2015 8:17 p.m., Ahmad wrote:
>> Thank you amos , I fixed the table thing , but I have new error
>> now :
>>
>> /lib/squid/basic_db_auth --dsn
>> "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user
>> "squid" --password "squid" --table "passwd" --usercol "user"
>> --passwdcol "password" --cond "" --plaintext
>>
>> ERR unknown login ERR unknown login ERR unknown login ERR unknown
>> login ERR unknown login
>>
>>
>> Wt do u think ?? Mysql issue ?
>
> Input issue. Thats a user:password combination being presented that
> does not exist in the table.
>
> Though it might be mysql interpreting the "password" in queries as
> the built-in password() function. I renamed that column to "token"
> in my auth DB.
>
> And like Yuri pointed out a DB of passwords in clear-text is not
> the greatest of security. At minimum use salted MD5 for the final
> setup.
>
> Amos _______________________________________________ squid-users
> mailing list squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJU2nwxAAoJENNXIZxhPexGR84H/0A1ZldvWUbknbLPggemiXI7
fGF4B06K1IlgpVcXFZuyrCl9YQWdQfCv2PYbh5bVJuHzao4D146dmom7Ppvh0H4r
lcZEHb8ahr69Mzn43iozx5g8uuWJtoLRv3MFg73yR209H08XClJo7cnBYIj/Ije5
CftttAz0c+kxnR2GkyOU2Rp3xkwK1RQdre8BeRSPRYrFww11jqv35QY4O0M2VCQg
L5Ljx2s+rBto1Bg79VvV5syyEo3aOMIOXS8nUFqFYboVR4LFrakFk6mKVOI7klvH
t+4x/oUG3ZGlMdSbxKEn1w2mP1dpWnrN1d2lKCkQPv2qVmm6gInNPzXr2PAoNAI=
=gzYx
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list