retrieve password from an SQL db

[prathapml]

Hi, this is an MySQL db question.

I'd like to know, whether there's any chance that a person who has access to the MySQL database can run a query on it to find out a password? (let's say we are talking about a phpBB2 or IPB2 forum board user here)

I'm asking this, just to know how safe is a password.

TIA

[zivan56]

Most bulletin boards (if not all newer ones) store an MD5 hash of a password. The only way they could find the original text password is if they try to generate random passwords and find the md5 sum for each random one; matching it up untill they get the same. Since most people find this takes very long, they will usually not bother with it.

[prathapml]

Thank you for the insight zivan56.

I have one more question as well:

When I register at a phpBB2 board, the e-mail validation message sent to me would contain my username and password in clear text. Any idea on how that works, or whether it has any implications that the password is readable by anybody else (other than me) ?

Happy christmas holidays!

[brian873]

Just for your info...

I have been playing around with a web host that uses fantastico to install software I have found that once installed via fantastico some php software's passwords can be found going through the PHP MyAdmin utility.

Will see if I can compile a list

hail hail

[Tarun]

Hi, this is an MySQL db question.

I'd like to know, whether there's any chance that a person who has access to the MySQL database can run a query on it to find out a password? (let's say we are talking about a phpBB2 or IPB2 forum board user here)

I'm asking this, just to know how safe is a password.

TIA

Passwords are encrypted via MD5. You cannot reverse this at all. As far as the passwords being altered within phpMyAdmin, that I do not know but I do not believe it would be possible.

[Arun]

Does anyone know whether it is possible to retrieve the MySQL database's password through cPanel or phpmyadmin ?