I’ve created a view of a table on a MySQL database to enable another

Question

0

Asked: May 12, 20262026-05-12T08:46:11+00:00 2026-05-12T08:46:11+00:00

I’ve created a view of a table on a MySQL database to enable another

0

I’ve created a view of a table on a MySQL database to enable another application to use our existing (centralized) clients table.

Our passwords are stored as

md5(password + salt) + “:” + salt

Normally I decode this via a programming language of the given app we’re connecting to it but…

This time it’s a third party app and I only have SQL and one query to authorize a user.

Can you help me create a valid SQL query to authenticate?

The logic is straight forward:

Get salt for the given user, (everything after the colon)
combine the password and the salt
MD5 the password and salt
then compare the resulted md5 hash

the default sql query for this app is

select * from users
where userName=? and userPass=?

Thanks in advance.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T08:46:11+00:00

I tried this and it works:

SELECT * FROM users
WHERE userPass = CONCAT( 
  MD5(CONCAT('xyzzy', (@salt := SUBSTRING_INDEX(userPass, ':', -1)))), 
  ':', @salt)
AND userName = 'bkarwin';

I know you probably don’t have the freedom to change anything, but FWIW, MD5() is not considered strong enough encryption for passwords. It’s recommended to use SHA-256, which is available through the SHA2() function in MySQL 6.0.5.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve created a view of a table on a MySQL database to enable another

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply