While I haven't used this method with MySQL, I have
used (and seen others use) the following method for
authentication using an RDBMS.
Capture the user's password, and use Perl's crypt to encrypt it
(I've seen the salt stored in the database as well as the
salt derived from a standard repeatable function). Store
the encrypted password. At login, take the user's password
as entered and encrypt it using the same method. Then compare
the two encrypted strings. If they match, let them in.
One nice thing about this method is that crypt is part of Perl, and thus
can be portable across platforms.
I am interested in other methods of doing this, or of any
stories from others where this sort of method was insufficient.
One scenario I am currently dealing with is an application that uses
a set of login tables that have Perl crypted passwords. The app is
a Cold Fusion app on NT. They cannot grok the passwords...so we had
to provide a workaround (that's a story for some other node).
Disclaimer: The above method I mention has only been utilized
in either inside-the-firewall or https connections. If not
using encrypted transmissions or safe behind a firewall, your passwords
will be sent in the clear...thus sniffable by the bad guys.
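An added example, not the node author's code, of the crypt-store-compare flow the post describes: it assumes the salt is kept embedded in the stored crypt output (the first of the two options mentioned above) and adds a constant-time compare and a sanity check on crypt's result, which the post does not cover.

```perl
#!/usr/bin/perl
# Added example (not from the original post): store a crypt()'d password
# and check a login attempt against it, the way the post describes.
use strict;
use warnings;

# Two-character salt from the traditional crypt alphabet [a-zA-Z0-9./].
# Assumption: the salt is kept with the hash (crypt embeds it as the
# first two characters of its output), one of the two options the post mentions.
sub make_salt {
    my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');
    return join '', map { $chars[rand @chars] } 1 .. 2;
}

# What gets stored in the login table: the crypt() output itself.
sub hash_password {
    my ($plain, $salt) = @_;
    $salt = make_salt() unless defined $salt;
    my $hashed = crypt($plain, $salt);
    # Traditional crypt output starts with the salt; anything else means
    # this libc refused the DES scheme (some modern libcrypt builds do).
    die "crypt() did not produce a usable hash\n"
        unless defined $hashed && substr($hashed, 0, 2) eq $salt;
    return $hashed;
}

# At login: re-crypt the entered password using the stored value as the
# salt (crypt() reads the two leading salt characters) and compare.
sub verify_password {
    my ($entered, $stored) = @_;
    return 0 unless defined $stored && length($stored) >= 2;
    my $candidate = crypt($entered, $stored);
    return 0 unless defined $candidate && length($candidate) == length($stored);
    # Constant-time comparison: XOR every byte rather than stopping at
    # the first mismatch, so timing does not reveal how much matched.
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample record, standing in for a row of the login table.
my %user = (login => 'jdoe', pw => hash_password('s3cretpw'));
printf "%-10s %d\n", 'correct:', verify_password('s3cretpw', $user{pw});
printf "%-10s %d\n", 'wrong:',   verify_password('wrongpw',  $user{pw});
# Caveat: classic DES crypt() only looks at the first 8 characters, so
# longer passwords that share an 8-character prefix hash identically.
```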