From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Password encryption method |
Date: | 2007-01-19 15:41:49 |
Message-ID: | 20070119154149.GA13687@wolff.to |
Lists: | pgsql-general |
On Fri, Jan 19, 2007 at 09:31:49 +0100,
Bertram Scharpf <lists(at)bertram-scharpf(dot)de> wrote:
> Hi,
>
> looking at the source code I find out that this works:
>
> sandbox=# create role joe login password 'verysecret';
> CREATE ROLE
> sandbox=# create function validate_user_8_1(text,text) returns boolean immutable language 'sql' as $$ select 'md5'||md5($2||$1) = rolpassword from pg_authid where rolname=$1; $$;
> CREATE FUNCTION
> sandbox=# select validate_user_8_1('joe','verysecret');
> validate_user_8_1
> -------------------
> t
> (1 Zeile)
>
> May I rely on this in future versions or are there more
> sophisticated ways to do it?

I don't know that I would 'rely' on it, but it doesn't seem like something
that is likely to change any time soon. But I could see there being alternate
hash functions being used eventually.

It might make more sense to use your own table of users and hashed passwords
rather than postgres'. This would depend somewhat on the overlap of users who
are using your application and those who connect directly to the database.
If there isn't much overlap, having a separate table is probably better.
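
As an added example (not part of the original message and not PostgreSQL's own code), here is the check from the quoted session written as client-side Python: it rebuilds 'md5' || md5(password || role name) and raises, rather than returning false, when the stored value is not in that format, which is the case the reply anticipates with alternate hash functions. The function names, the exception class and the UTF-8 encoding of the inputs are assumptions.

```python
import hashlib
import hmac
import re

# Format used in the quoted session: 'md5' || md5(password || rolename), in hex.
_MD5_VERIFIER = re.compile(r"md5[0-9a-f]{32}")


class UnsupportedVerifier(ValueError):
    """The stored value is not in the 'md5' + 32 hex digits format."""


def pg_md5_verifier(rolename: str, password: str) -> str:
    """Build the stored value the same way the quoted SQL function does.

    Assumption: both strings are hashed as UTF-8 bytes.
    """
    digest = hashlib.md5((password + rolename).encode("utf-8")).hexdigest()
    return "md5" + digest


def check_md5_role_password(rolename: str, password: str, stored: str) -> bool:
    """Compare a candidate password against a stored md5-format value.

    Raises UnsupportedVerifier when the stored value uses another format,
    so a change of hash function is not mistaken for a wrong password.
    """
    if stored is None or not _MD5_VERIFIER.fullmatch(stored):
        raise UnsupportedVerifier("stored value is not in md5 format")
    candidate = pg_md5_verifier(rolename, password)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample: the role and password from the quoted session.
    stored = pg_md5_verifier("joe", "verysecret")
    print(check_md5_role_password("joe", "verysecret", stored))
    print(check_md5_role_password("joe", "guess", stored))
    # The role name acts as the salt: same password, different stored value.
    print(pg_md5_verifier("bob", "verysecret") != stored)
    try:
        # Constructed value in a non-md5 format.
        check_md5_role_password("joe", "verysecret", "SCRAM-SHA-256$constructed")
    except UnsupportedVerifier as exc:
        print("unsupported:", exc)
```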