Re: field with Password

From: Iñigo Barandiaran <ibarandiaran(at)vicomtech(dot)org>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: field with Password
Date: 2009-02-04 10:56:21
Message-ID: 49897455.7080602@vicomtech.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Thanks!

Ok. I've found http://256.com/sources/md5/ library. So the idea is to
define in the dataBase a Field of PlainText type. When I want to insert
a new user, I define a password, convert to MD5 hash with the library
and store it in the DataBase. Afterwards, any user check should get the
content of the DataBase of do the inverse process with the library. Is
it correct?

Thanks so much!!!!!!

Best,

> Iñigo Barandiaran wrote:
>> Thanks for your answers. Sorry for the questions but I'm new to
>> Postgre :)
>>
>> The problem with a plain text password is that a user can see it by
>> looking at the user table.
>> Both suggest to use MD5. How can i use it? Any link, example about
>> this would be very appreciated.
>
> md5 is a library function that converts a string to a 'hash',
> typically 32 bytes. so, when the user enters a password, you encode
> it with md5() and compare it with the stored hash. the md5 hash is
> not readily reversible (although brute force techniques can
> theoretically come up with strings that will generate the same hash)
>
> otoh, any table used to store security information probably should not
> be directly viewable by the end user. application programming
> techniques for ensuring application security go far beyond the charter
> of this email list, however.
>
>
>
>

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message hubert depesz lubaczewski 2009-02-04 11:36:03 Re: field with Password
Previous Message Adam Rich 2009-02-04 10:52:57 Re: field with Password