Hello, I'm new to MySQL and am currently creating a small database driven
website. My question is :- In the 'users' table the password field is set
out with 'VARCHAR(20) NOT NULL' to give me a maximum length of 20
characters, how can I specify a minimum password length of say 5
characters? - Is this to be done in table creation or by some sort of input
mask on the 'register account' page?

Katash wrote:
> Hello, I'm new to MySQL and am currently creating a small database driven
> website. My question is :- In the 'users' table the password field is set
> out with 'VARCHAR(20) NOT NULL' to give me a maximum length of 20
> characters, how can I specify a minimum password length of say 5
> characters? - Is this to be done in table creation or by some sort of input
> mask on the 'register account' page?

The string in that column is not the password. It's an encrypted form
of the password, using MySQL's PASSWORD() function. Like many hashing
functions (e.g. MD5 or SHA-1), this function outputs a string of fixed
length, regardless of the length of the input.

See http://dev.mysql.com/doc/refman/5.0/...functions.html for
more information.

(NB: note that the docs recommend that you do _not_ use the PASSWORD
function for your applications, use MD5 or SHA-1 instead.)

Instead of letting the database enforce password rules, you should
enforce rules about password length in your application, as you accept
the user's input, and before you encrypt and store the password. This
also gives you the opportunity to analyze the password for other
purposes: it shouldn't be in the dictionary, should contain both letters
and digits, etc.

For what it's worth, I never use the MySQL 'users' table to manage users
and passwords for a web site. I create an accounts table in the
database for my application, and use that for the web app to
authenticate against. When connecting to MySQL, the web app always uses
a single MySQL user, regardless of who is using the web app.

In my accounts table, I use MD5 or SHA-1 as a one-way encryption to
store the users' passwords. When they later log in and give their
password, encrypt the string they input and compare that against what's
stored in the database. That way you never store their password in
clear text.

Regards,
Bill K.

In article <QZMYf.377657$l04.303208@fe09.news.easynews.com> ,
"Katash" <pcformat@btinternet.com> wrote:

> Hello, I'm new to MySQL and am currently creating a small database driven
> website. My question is :- In the 'users' table the password field is set
> out with 'VARCHAR(20) NOT NULL' to give me a maximum length of 20
> characters, how can I specify a minimum password length of say 5
> characters? - Is this to be done in table creation or by some sort of input
> mask on the 'register account' page?

That's a "business rule" and not the function of the database to
enforce. You code this limitation into your program.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

On Wed, 05 Apr 2006 10:29:04 GMT, Katash wrote:
> Hello, I'm new to MySQL and am currently creating a small database driven
> website. My question is :- In the 'users' table the password field is set
> out with 'VARCHAR(20) NOT NULL' to give me a maximum length of 20
> characters, how can I specify a minimum password length of say 5
> characters? - Is this to be done in table creation or by some sort of input
> mask on the 'register account' page?

The minumum length (and maximum, for that matter) is best handled at the
application level. A) It's easier there, and B) will give user better
feedback.

--
44. I will only employ bounty hunters who work for money. Those who work for
the pleasure of the hunt tend to do dumb things like even the odds to give
the other guy a sporting chance.
--Peter Anspach's list of things to do as an Evil Overlord