From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Klaus Sonnenleiter <klaus(at)sonnenleiter(dot)com> |
Cc: | Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com>, Stefan Fiel <fstefan(at)cable(dot)vol(dot)at>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: password encryption |
Date: | 2002-08-22 02:12:57 |
Message-ID: | 200208220212.g7M2Cw622950@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Never mind what I just said. I see the issue of encrypting before being
sent over the wire. We do that for PostgreSQL password, but if you want
to do it for a value before it is sent over the wire, you can use an SSL
connection to the database, or some client-side encryption.
---------------------------------------------------------------------------
Klaus Sonnenleiter wrote:
> To protect your passwords effectively, you probably want them encrypted before
> they go on the wire, so you will need to put the encryption capability in the
> application, not in the database. This way you will only transmit and store
> encrypted data. Take a look at cryptix.org for some pretty good Java and Perl
> implementations.
>
> On Wednesday 21 August 2002 05:36, Tim Ellis wrote:
> > > i like to store passwords for a webapplication in my postgre database.
> > >
> > > now i'm searching for a way to encrypt the passwords, something like the
> > > function password() for mysql.
> >
> > I always run my passwords through md5sum(), which is an open source
> > implementation, and thus seems to've been written in every language out
> > there.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
From | Date | Subject | |
---|---|---|---|
Next Message | David F. Skoll | 2002-08-22 02:19:17 | Re: OT: password encryption (salt theory) |
Previous Message | Bruce Momjian | 2002-08-22 02:11:42 | Re: password encryption |