Neil,
Thanks for your help! That's exactly what I was looking for.
Kevin
-----Original Message-----
From: Neil Saunders [mailto:n.j.saunders@gmail.com]
Sent: Thursday, March 09, 2006 8:31 AM
To: Kevin Crenshaw
Cc: pgsql-novice@postgresql.org
Subject: Re: [NOVICE] Storing sensitive data
The usual way of doing this is by not storing the password, but
instead an MD5 representation of the password:
INSERT INTO users (username, password) VALUES ('kevin', MD5('mypassword'))
SELECT * FROM users WHERE username='kevin' AND password=MD5('mypassword');
This does mean that you won't know what your users passwords are, and
that a user can't be reminded of their password, only have it changed,
but these are usually un-important side effects.
Hope this helps,
Neil.
On 3/9/06, Kevin Crenshaw <kcrenshaw@viscient.com> wrote:
>
>
>
> I have a table that stores usernames and passwords and I want to encrypt
the
> passwords before they are stored in the database. Will postgresql do this
> for me, or do I have to do the encryption on the client side? Could you
> please point me to some instructions on how to accomplish this.
>
>
>
> Thanks for your help,
>
>
>
> kevin
>
>
