| From: | Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> |
|---|---|
| To: | "Arindam Haldar" <arindamhaldar(at)hotpop(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Question on crypt password |
| Date: | 2002-05-24 18:44:29 |
| Message-ID: | 20020524144429.175b81e3.nconway@klamath.dyndns.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, 24 May 2002 12:45:00 +0530
"Arindam Haldar" <arindamhaldar(at)hotpop(dot)com> wrote:
> hi,
> i want to authenticate web users from postgrsql for which i created a
> table having,among others, username & password... is there any data
> types where password can be stored encrypted ?.. at present am vsing
> varchar(16) but i c one (administrator) can read the password. i didnt
> find any data type specifying encrypted type !...
Use contrib/pgcrypto, store the hashed version of the password (say,
using SHA1). When you want to check if the correct password is used,
hash the string the user entered and compare it to the stored version.
Cheers,
Neil
--
Neil Conway <neilconway(at)rogers(dot)com>
PGP Key ID: DB3C29FC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-05-24 18:47:31 | Re: Case Insensitive Data Type |
| Previous Message | Neil Conway | 2002-05-24 18:42:48 | Re: Using the EXPLAIN results |