From: | Jason Hihn <jhihn(at)paytimepayroll(dot)com> |
---|---|
To: | Michael Fuhr <mfuhr+pgsql-general(at)fuhr(dot)org>, Pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Authentication Question |
Date: | 2003-12-16 17:36:05 |
Message-ID: | NGBBLHANMLKMHPDGJGAPGEEPDCAA.jhihn@paytimepayroll.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Ah, wonderful! Now I can convert existing Postgres users to my own table and
keep their passwords, if I choose to go that way. I'm reading up on groups
now... Done (not much to read!)
Thanks for the help!
> -----Original Message-----
> From: Michael Fuhr [mailto:mfuhr+pgsql-general(at)fuhr(dot)org]
> Sent: Tuesday, December 16, 2003 12:09 PM
> To: Jason Hihn; Pgsql-general
> Subject: Re: [GENERAL] Authentication Question
>
>
> On Tue, Dec 16, 2003 at 10:57:06AM -0600, Bruno Wolff III wrote:
> > On Tue, Dec 16, 2003 at 10:54:47 -0500,
> > Jason Hihn <jhihn(at)paytimepayroll(dot)com> wrote:
> >
> > > Now if I don't use the built in auth, I have to do permission
> checks myself.
> > > But the bigger problem is I don't want to store plain text
> passwords in MY
> > > users table, so I was going to use md5. But then I checked, and the
> > > pg_shadow entry has 'md5' prepended to what I assume is the
> md5 hash of my
> > > password. But when I ask for a md5 hash of my password, I
> don't get the same
> > > number.
> >
> > I don't know for sure, but I would expect that something is
> being used as
> > a salt. This is normal as it makes using prebuilt dictionaries more
> > difficult and prevents you from being able to tell if two accounts
> > have the same password just by looking at the hash.
>
> The user name is the salt:
>
> mydb=# create user johndoe with password 'opensesame';
> CREATE USER
> mydb=# select passwd from pg_shadow where usename = 'johndoe';
> passwd
> -------------------------------------
> md5a7350a3bb54a151a858758c7266c57bd
> (1 row)
>
> mydb=# select md5('opensesame' || 'johndoe');
> md5
> ----------------------------------
> a7350a3bb54a151a858758c7266c57bd
> (1 row)
>
> --
> Michael Fuhr
> http://www.fuhr.org/~mfuhr/
>
From | Date | Subject | |
---|---|---|---|
Next Message | Rory Campbell-Lange | 2003-12-16 17:52:59 | DB with bytea types reload problem |
Previous Message | Rick Gigger | 2003-12-16 17:31:05 | Re: add column sillyness |