Re: Question on crypt password - Mailing list pgsql-general

From Neil Conway
Subject Re: Question on crypt password
Date
Msg-id 20020524144429.175b81e3.nconway@klamath.dyndns.org
Whole thread Raw
In response to Question on crypt password  (Arindam Haldar <arindamhaldar@hotpop.com>)
Responses Re: Question on crypt password
List pgsql-general
On Fri, 24 May 2002 12:45:00 +0530
"Arindam Haldar" <arindamhaldar@hotpop.com> wrote:
> hi,
> i want to authenticate web users from postgrsql for which i created a
> table having,among others, username & password... is there any data
> types where password can be stored encrypted ?.. at present am vsing
> varchar(16) but i c one (administrator) can  read the password. i didnt
> find any data type specifying encrypted type !...

Use contrib/pgcrypto, store the hashed version of the password (say,
using SHA1). When you want to check if the correct password is used,
hash the string the user entered and compare it to the stored version.

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC

pgsql-general by date:

Previous
From: Neil Conway
Date:
Subject: Re: Using the EXPLAIN results
Next
From: Tom Lane
Date:
Subject: Re: Case Insensitive Data Type