While I haven't used this method with MySQL, I have used (and seen others use) the following method for authentication using an RDBMS.

Capture the users password, and use Perl's crypt to encrypt it ( I've see the salt stored in the database as well as the salt derived from a standard repeatable function). Store the encrypted password. At login, take the users password as entered and encrypt using the same method. Then compare the two encrypted strings. If they match, let them in. Once nice thing about this method, is that crypt is part of Perl, thus can be portable across platforms.

I am interested in other methods of doing this, or of any stories from others where this sort of method was insufficient. One scenario I am currently dealing with is an application that uses a set of login tables that have Perl crypted passwords. the app is a Cold Fusion app on NT. They cannot grok the passwords...so we had to provide a workaround (that's a story for some other node)

Disclaimer: The above method I mention has only been utilized in either an inside-the-firewall or https connections. If not using encrypted tranmissions or safe behind a firewall, your passwords will be sent in the clear...thus sniffable by the bad guys.

Rather than use crypt(), I'd recommend thinking about MD5 style hashing for the password encryption. I ++ed this post because of the 'HTTPS' recommendation. In-the-clear passwords protect nothing from the dishonest, they just keep honest people honest.

--
$you = new YOU;
honk() if $you->love(perl)

I'll have to take a look at MD5 style hashing, thanks for the alternative.

on the issue of clear transmissions... Due to issues that can only happen in large organizations, we are fighting a move to remove SSL from our single-login system to a straight http configuration... the reason? Users are getting fed up with accepting certificates, and being warned of a redirect (netscape is the standard and this dialog cannot be "turned off") and complaining loudly. I wish I could say I was making this up for a Dilbert/UserFriendly strip, but I am not...they want to remove the security from the security system.

Next they'll remove the door security because people are growing tired of having to swipe their badges through...arghhhh

If someone wants to write a Perl module that thwarts stupidity, I'll beta test!

It's a bit of a pain to install, mainly because the maintainer and primary website has vanished, but the code still works (available from the Mysql site contribs), and it's open source so you can correct it as needed. The trick to installing it is realizing that it wants the _build_ directories for apache and mysql, not the _install_ directories. (Why, I don't know).