Posted on November 24th, 2010
Making MySQL Do More
The standard approach to authentication systems in web development is simple: store your confidential data in a database, pull the needed data from that database, and let your language of choice do the work. What many programmers don't realize is that MySQL is capable of much more than just reading and writing data, and that's what I hope to show you in this tutorial. Once we're done, we'll have an authentication system that is less expensive on the PHP side and relies more on MySQL's power. Almost all of the work will be done through MySQL; the PHP code we write will do very little in the whole process. This is good because I intend to keep this tutorial as language-independent as possible.

One thing I want to make very clear, though, is that this approach is not recommended for production-grade systems. Because we're relying on MySQL, we will be limited to the hashing algorithms it supports, and until MySQL 5.5 the only supported hashing algorithms were MD5 and SHA1. Chances are you're running a pre-5.5 release. We also will not be salting the passwords, a procedure you should perform on production systems; it is simply outside the scope of this tutorial.

There have been numerous patches and implementations of SHA-256 released for the current MySQL versions, but they are also outside the scope of this tutorial. In the meantime we'll be using the SHA1 algorithm. If you have MySQL 5.5 installed then by all means use SHA2() instead of SHA1().