background preloader

MySQL

Facebook Twitter

Sql - MySQL error: key specification without a key length. Binary - Varbinary vs Blob in MySQL. How To Safely Store A Password | codahale.com. 31 Jan 2010 Use bcrypt Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}? These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. A modern server can calculate the MD5 hash of about 330MB every second. And that’s without investing anything.

If you’re willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. Salts Will Not Help You It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. Salt or no, if you’re using a general-purpose hash function designed for speed you’re well and truly effed. bcrypt Solves These Problems How? How much slower is bcrypt than, say, MD5? So we’re talking about 5 or so orders of magnitude. Tl;dr Use bcrypt. Updated February 24th, 2011. Why passwords should be hashed « Stack Exchange Security Blog. How passwords should be hashed before storage or usage is a very common question, always triggering passionate debate.

There is a simple and comprehensive answer (use bcrypt, but PBKDF2 is not bad either) which is not the end of the question since theoretically better solutions have been proposed and will be worth considering once they have withstood the test of time (i.e. “5 to 10 years in the field, and not broken yet”). The less commonly asked question is: why should a password be hashed? This is what this post is about. Encryption and Hashing A first thing to note is that there are many people who talk about encrypted passwords but really mean hashed passwords. In shorter words: if MD5 or SHA-1 is involved, this is password hashing, not password encryption. This still does not tell us why we would hash a password, only that hashing a password does not forfeit the intended usage of authenticating users.

To Hash or Not To Hash ? How to Use MySQL's AES_ENCRYPT and AES_DECRYPT to Store Passwords in a Database | Blog | johnboyproductions.com | Website design & application development. MySQL Consulting and NoSQL Consulting: MySQL DBA: Storing Passwords in MySQL. Securing plain text passwords in MySQL is NEVER a good idea. As a DBA you should take great care in protecting the users' information. Fortunately MySQL provides you with several options to protect passwords. After a quick scan of the manual, you may be tempted to store the password by applying the password function to it which is NOT a good idea. MySQL itself advises against using PASSWORD to manage application passwords. Instead of using PASSWORD(), we can use SHA1 or MD5. Unfortunately exploits for both of these encryption functions have been quite common these days.

Still, SHA1 or MD5 keep your password more protected than storing them as plain text. You can apply SHA1 algorithm to a password string: mysql> SELECT SHA1('mysecretpassword');+------------------------------------------+| SHA1('mysecretpassword') |+------------------------------------------+| 08cd923367890009657eab812753379bdb321eeb |+------------------------------------------+1 row in set (0.00 sec) Using SHA1 Using MD5. Mysql - What does character set and collation mean exactly. Index.

Hardware enthusiasts have been overclocking their PCs for years now, trying to push the limits of their hardware for maximum performance. Sometimes they are successful and their applications run speedy fast, while other times they push a little too hard and end up damaging the computer! Although it isn't quite as extreme, indexes in MySQL can increase the speed of your MySQL queries to squeeze a bit more performance out of your database. Indexes are created on a per column basis. If you have a table with the columns: name, age, birthday and employeeID and want to create an index to speed up how long it takes to find employeeID values in your queries, then you would need to create an index for employeeID.

When you create this index, MySQL will build a lookup index where employeeID specific queries can be run quickly. Indexes are something extra that you can enable on your MySQL tables to increase performance,cbut they do have some downsides. MySQL Code: Sql - MySQL: Can't create table (errno: 150) MySQL Error Number 1005 Can’t create table ‘.mydb#sql-328_45.frm’ (errno: 150) | VerySimple. MySQL Error Number 1005 Can’t create table ‘. \mydb\#sql-328_45.frm’ (errno: 150) If you get this error while trying to create a foreign key, it can be pretty frustrating. The error about not being able to create a .frm file seems like it would be some kind of OS file permission error or something but this is not the case. This error has been reported as a bug on the MySQL developer list for ages, but it is actually just a misleading error message.

In every case this is due to something about the relationship that MySQL doesn’t like. First Steps: If you have admin permission on the server, you may want to start by running the MySQL command “SHOW INNODB STATUS” (or MySQL 5.5 “SHOW ENGINE INNODB STATUS”) immediately after receiving the error. If your script runs fine on one server, but gives an error when you try to run it on a different server, then there is a good chance that #6 is the problem. Known Causes: The two key fields type and/or size is not an exact match. UUIDs vs Integer Primarykeys.

March 1, 2009 8:40 p.m. There's a bit of debate over whether UUIDs(or GUIDs - for Microsoft software) are suitable to be used as primary keys for objects in a database. I'm not so much going to describe the debate, as there's no point in arguing, it comes down to a design decision. You can think of the pros and cons, and decide for yourself.

ID Creation One of the big concerns of using autoincremented fields from a database, is that if a lot of inserts are happening, especially distributed inserts, everyone is waiting on the database to generate a new id. Some large distributed architectures actually have dedicated servers whose only purpose is to give out ids to objects. The advantage of using autoincremented values is there's a guarantee of uniqueness. The UUID solution is instead to generate a unique id that is not guaranteed to be unique, but has a very high probability of being unique. From wikipedia: Storage in MySQL I just generated a UUID: 1e8ef774-581c-102c-bcfe-f1ab81872213. Install MySQL Server 5 on Ubuntu.