| From: | Gregory Seidman <gss+pg(at)cs(dot)brown(dot)edu> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Question on crypt password |
| Date: | 2002-05-24 19:02:08 |
| Message-ID: | 20020524150208.A13960@jamaica.cs.brown.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Neil Conway sez:
} On Fri, 24 May 2002 12:45:00 +0530
} "Arindam Haldar" <arindamhaldar(at)hotpop(dot)com> wrote:
} > hi,
} > i want to authenticate web users from postgrsql for which i created a
} > table having,among others, username & password... is there any data
} > types where password can be stored encrypted ?.. at present am vsing
} > varchar(16) but i c one (administrator) can read the password. i didnt
} > find any data type specifying encrypted type !...
}
} Use contrib/pgcrypto, store the hashed version of the password (say,
} using SHA1). When you want to check if the correct password is used,
} hash the string the user entered and compare it to the stored version.
Where is the documentation on this? Is it like what I wound up doing (see
below)?
Since I was coming from MySQL, I wanted the PASSWORD() function it has
builtin and I wound up writing it as a C function:
CREATE FUNCTION PASSWORD (text) RETURNS text
AS '/home/gss/src/crypt.so'
LANGUAGE C WITH (isstrict);
I can attach the C source if anyone is interested.
} Cheers,
} Neil
--Greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Darren Ferguson | 2002-05-24 19:03:06 | Re: Case Insensitive Data Type |
| Previous Message | Neil Conway | 2002-05-24 19:00:22 | Re: Case Insensitive Data Type |