From: | Iñigo Barandiaran <ibarandiaran(at)vicomtech(dot)org> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: field with Password |
Date: | 2009-02-04 10:56:21 |
Message-ID: | 49897455.7080602@vicomtech.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Thanks!
Ok. I've found http://256.com/sources/md5/ library. So the idea is to
define in the dataBase a Field of PlainText type. When I want to insert
a new user, I define a password, convert to MD5 hash with the library
and store it in the DataBase. Afterwards, any user check should get the
content of the DataBase of do the inverse process with the library. Is
it correct?
Thanks so much!!!!!!
Best,
> Iñigo Barandiaran wrote:
>> Thanks for your answers. Sorry for the questions but I'm new to
>> Postgre :)
>>
>> The problem with a plain text password is that a user can see it by
>> looking at the user table.
>> Both suggest to use MD5. How can i use it? Any link, example about
>> this would be very appreciated.
>
> md5 is a library function that converts a string to a 'hash',
> typically 32 bytes. so, when the user enters a password, you encode
> it with md5() and compare it with the stored hash. the md5 hash is
> not readily reversible (although brute force techniques can
> theoretically come up with strings that will generate the same hash)
>
> otoh, any table used to store security information probably should not
> be directly viewable by the end user. application programming
> techniques for ensuring application security go far beyond the charter
> of this email list, however.
>
>
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | hubert depesz lubaczewski | 2009-02-04 11:36:03 | Re: field with Password |
Previous Message | Adam Rich | 2009-02-04 10:52:57 | Re: field with Password |