[squid-users] squid authentication to remote sql server

Yuri Voinov yvoinov at gmail.com
Tue Feb 10 21:46:25 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Amos, MD5 insufficient. As minimum, SHA256 with salt. New Oracle RDBMS
use SHA to store user's password.

And don't forget about SQL Injection and password cracking farms..........

11.02.15 3:28, Amos Jeffries пишет:
> On 11/02/2015 8:17 p.m., Ahmad wrote:
>> Thank you amos , I fixed the table thing , but I have new error
>> now :
>> 
>> /lib/squid/basic_db_auth --dsn
>> "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user
>> "squid" --password "squid" --table "passwd" --usercol "user"
>> --passwdcol "password" --cond "" --plaintext
>> 
>> ERR unknown login ERR unknown login ERR unknown login ERR unknown
>> login ERR unknown login
>> 
>> 
>> Wt do u think ?? Mysql issue ?
> 
> Input issue. Thats a user:password combination being presented that
> does not exist in the table.
> 
> Though it might be mysql interpreting the "password" in queries as
> the built-in password() function. I renamed that column to "token"
> in my auth DB.
> 
> And like Yuri pointed out a DB of passwords in clear-text is not
> the greatest of security. At minimum use salted MD5 for the final
> setup.
> 
> Amos _______________________________________________ squid-users
> mailing list squid-users at lists.squid-cache.org 
> http://lists.squid-cache.org/listinfo/squid-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJU2nwxAAoJENNXIZxhPexGR84H/0A1ZldvWUbknbLPggemiXI7
fGF4B06K1IlgpVcXFZuyrCl9YQWdQfCv2PYbh5bVJuHzao4D146dmom7Ppvh0H4r
lcZEHb8ahr69Mzn43iozx5g8uuWJtoLRv3MFg73yR209H08XClJo7cnBYIj/Ije5
CftttAz0c+kxnR2GkyOU2Rp3xkwK1RQdre8BeRSPRYrFww11jqv35QY4O0M2VCQg
L5Ljx2s+rBto1Bg79VvV5syyEo3aOMIOXS8nUFqFYboVR4LFrakFk6mKVOI7klvH
t+4x/oUG3ZGlMdSbxKEn1w2mP1dpWnrN1d2lKCkQPv2qVmm6gInNPzXr2PAoNAI=
=gzYx
-----END PGP SIGNATURE-----


More information about the squid-users mailing list