> >> I would like to create a new table where one of the field would be a
> >> user password. Is there any data type for supporting this
> >> functionality? Something like Password DataType. I've taken a look
> of
> >> the available data types in PgAdmin Application and there is nothing
> >> similar to this.
> >
> > most commonly, passwords are stored as hashes, such as md5, rather
> > than plaintext. 'text' would be as suitable for this as anything,
> > or bytea, if you want to store the hashes in binary.
> >
> Thanks for your answers. Sorry for the questions but I'm new to Postgre
> :)
>
> The problem with a plain text password is that a user can see it by
> looking at the user table.
> Both suggest to use MD5. How can i use it? Any link, example about this
> would be very appreciated.
Insert new users like this:
insert into myusers (usernm, passwd) values ($user, MD5($pass));
So the paintext password is not stored. But you should still restrict
access to this table. Revoke rights to regular users.
When a user logs in, check for their access like this:
select * from myusers where usernm=$user and passwd=MD5($pass);
The hash of a particular password is always the same.
To make this scheme more secure, you should add a salt before hashing.
(You can find how to do this via google).
