Hashing Passwords in Existing Database

TMR · November 9, 2022, 8:30pm

Hi all,

I’ve inherited quite a large database (MariaDB) for a new project, at present the PW fields are all clear text so I’ll need to hash them. On the front-end Im planning on creating a user registration system using hashing taken from the excellent tutorial by @ben - here it is for anyone that needs it: https://www.youtube.com/watch?v=6XbObePPYCM

Has anyone hashed clear text password fields on a fully populated database…? I’ve got a rough idea of maybe how to do it but instead of stabbing in the dark I thought I’d put the feelers out to the big guns in this forum

I guess one scenario would be to fill the PW field with random characters then email out the end users and ask them all to click a reset password link, is this about the best option…?

Sorry_Duh · November 9, 2022, 9:03pm

How about adding a new temporary Boolean field to your users table and set it to a default of 0

Then create a workflow that queries the users table and gets any records where this new field is 0

Repeat all the records, in the repeat hash the password and update the database with the new password set the Boolean to 1

The Boolean is just incase for some reason the repeat has a error and stops half way through you’d still know which are and aren’t updated by the Boolean

Never tried this so definitely create a backup first

Also not sure if you could do anything directly in the database to just update the entire column with SQL but this is just an idea maybe the community will have easier ways.

TMR · November 9, 2022, 9:30pm

That sounds like it’ll be a winner, I was thinking more about adding directly into the database (I use HeidiSQL for any direct-to-DB stuff) but I like the simplicity of this.