MySQL offers a convenient way to store user passwords in hashed form in a database table. The PASSWORD() function serves both purposes: it produces the value you store, and it is used to check a plain-text string against that stored value when authenticating a user.

However, if at any point you decide to change database systems (to PostgreSQL, SQL Server, Oracle, etc.), you suddenly have a field whose contents are completely unrecognizable to your new database system. I should not speak in absolute terms, as I have not done an acceptable level of research on the various DBMSs out there. But suffice it to say, it is certainly not a future-proof method.

It makes considerably more sense to hash your passwords using your scripting language's own hashing functions, then store the resulting value in a binary field in your database table. That way the data is easily portable to another DBMS, or even to a different version of your existing DBMS, because the database only ever sees an opaque sequence of bytes and never has to understand the scheme that produced it.
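The approach above, as an added example that is not part of the original post: the application computes a salted, iterated password hash itself and the database stores nothing but a BLOB. The scheme (PBKDF2-HMAC-SHA256 with a random 16-byte salt and the iteration count packed in front of the hash), the column layout, and the use of SQLite as a stand-in for whatever DBMS is in use are all assumptions made for this example; the same bytes could be inserted into a `VARBINARY`/`BYTEA` column on any other system without change.

```python
import hashlib
import hmac
import os
import sqlite3

# Example scheme parameters (assumed for this illustration): PBKDF2-HMAC-SHA256,
# a random 16-byte salt, and the iteration count stored in front of the hash so
# it can be raised later without invalidating rows that were hashed earlier.
SALT_LEN = 16
HASH_LEN = 32
DEFAULT_ITERATIONS = 200_000


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return an opaque, self-describing byte string: iterations || salt || hash.

    Nothing in the result depends on the database engine, which is what makes
    the stored value portable between systems and versions.
    """
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=HASH_LEN
    )
    return iterations.to_bytes(4, "big") + salt + digest


def verify_password(password, stored):
    """Recompute the hash with the parameters carried in the blob and compare in constant time."""
    if len(stored) != 4 + SALT_LEN + HASH_LEN:
        # Malformed or truncated value: refuse rather than guess.
        return False
    iterations = int.from_bytes(stored[:4], "big")
    salt = stored[4:4 + SALT_LEN]
    expected = stored[4 + SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=HASH_LEN
    )
    return hmac.compare_digest(candidate, expected)


def demo_round_trip():
    """Store the blob in a binary column and authenticate against what comes back.

    SQLite stands in for any DBMS; the only requirement on the database side is a
    binary column type. Returns (correct_password_accepted, wrong_password_accepted).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash BLOB NOT NULL)"
    )
    # Constructed sample credential for the demonstration.
    conn.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("alice", hash_password("correct horse battery staple")),
    )
    (stored,) = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", ("alice",)
    ).fetchone()
    good = verify_password("correct horse battery staple", stored)
    bad = verify_password("wrong password", stored)
    conn.close()
    return good, bad


if __name__ == "__main__":
    print(demo_round_trip())  # (True, False)
```

Because the iteration count travels with each row, a later decision to slow the hash down only affects new and re-hashed rows; existing logins keep working, and the database schema never changes.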
