Joachim Zobel <jzobel@heute-morgen.de> writes:
> I am thinking about building a login, where the logged in users are
> stored in a table logins. To make it shure and documented the users have
> entered a password I want to store the MD5(pw) in logins. To make it
> impossible to fake logins entries I plan to store the MD5(MD5(pw)) in
> the users table and use this for authentication purposes.
> This seems like a good idea to me. Does anybody see any flaws?
Well, for one thing, it would be instantly apparent from the users table
if two users had chosen the same password.
You might want to copy the way things are done in the postgres pg_shadow
table, which from memory is something like MD5(MD5(pw) || username).
regards, tom lane
