From: | "Adam Rich" <adam(dot)r(at)sbcglobal(dot)net> |
---|---|
To: | <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: field with Password |
Date: | 2009-02-04 10:52:57 |
Message-ID: | 0ae101c986b6$bdb20460$39160d20$@r@sbcglobal.net |
Lists: | pgsql-general |
> >> I would like to create a new table where one of the field would be a
> >> user password. Is there any data type for supporting this
> >> functionality? Something like Password DataType. I've taken a look of
> >> the available data types in PgAdmin Application and there is nothing
> >> similar to this.
> >
> > most commonly, passwords are stored as hashes, such as md5, rather
> > than plaintext. 'text' would be as suitable for this as anything,
> > or bytea, if you want to store the hashes in binary.
> >
> Thanks for your answers. Sorry for the questions but I'm new to Postgre
> :)
>
> The problem with a plain text password is that a user can see it by
> looking at the user table.
> Both suggest to use MD5. How can I use it? Any link, example about this
> would be very appreciated.

Insert new users like this:

    insert into myusers (usernm, passwd) values ($user, MD5($pass));

So the plaintext password is not stored. But you should still restrict
access to this table. Revoke rights to regular users.

When a user logs in, check for their access like this:

    select * from myusers where usernm=$user and passwd=MD5($pass);

The hash of a particular password is always the same.
To make this scheme more secure, you should add a salt before hashing.
(You can find how to do this via Google).
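
A salted variant of the scheme in the message above, as an added example that is not part of the original message. It assumes the pgcrypto extension is installed and swaps MD5() for pgcrypto's crypt() with a per-row salt from gen_salt('bf'); the prepared-statement names and sample users are constructed for illustration.

```sql
-- Added example. Table and column names follow the message above;
-- add_user / check_user are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE myusers (
    usernm text PRIMARY KEY,
    -- crypt() output holds algorithm, cost, salt and hash in one string,
    -- so no separate salt column is needed.
    passwd text NOT NULL
);

-- Make sure ordinary roles cannot read the stored hashes.
REVOKE ALL ON myusers FROM PUBLIC;

-- Insert: gen_salt() returns a fresh random salt on every call, so two
-- users with the same password end up with different stored values.
-- Parameters ($1, $2) keep user input out of the SQL text.
PREPARE add_user(text, text) AS
    INSERT INTO myusers (usernm, passwd)
    VALUES ($1, crypt($2, gen_salt('bf', 10)));

-- Login check: passing the stored value as the salt argument makes
-- crypt() reuse that row's salt and cost, then the results are compared.
PREPARE check_user(text, text) AS
    SELECT usernm
    FROM myusers
    WHERE usernm = $1
      AND passwd = crypt($2, passwd);

-- Constructed sample data: both users choose the same password.
EXECUTE add_user('alice', 'correct horse');
EXECUTE add_user('bob',   'correct horse');

-- Compare the two stored values for the identical password.
SELECT usernm, passwd FROM myusers ORDER BY usernm;

-- Verify one correct and one incorrect password for the same user.
EXECUTE check_user('alice', 'correct horse');
EXECUTE check_user('alice', 'wrong guess');
```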