Re: MD5(MD5(pw)) OK? - Mailing list pgsql-general

From Tom Lane
Subject Re: MD5(MD5(pw)) OK?
Date
Msg-id 24744.1103322385@sss.pgh.pa.us
Whole thread Raw
In response to MD5(MD5(pw)) OK?  (Joachim Zobel <jzobel@heute-morgen.de>)
List pgsql-general
Joachim Zobel <jzobel@heute-morgen.de> writes:
> I am thinking about building a login, where the logged in users are
> stored in a table logins. To make it shure and documented the users have
> entered a password I want to store the MD5(pw) in logins. To make it
> impossible to fake logins entries I plan to store the MD5(MD5(pw)) in
> the users table and use this for authentication purposes.

> This seems like a good idea to me. Does anybody see any flaws?

Well, for one thing, it would be instantly apparent from the users table
if two users had chosen the same password.

You might want to copy the way things are done in the postgres pg_shadow
table, which from memory is something like MD5(MD5(pw) || username).

            regards, tom lane

pgsql-general by date:

Previous
From: Scott Marlowe
Date:
Subject: Re: unix_socket_directory
Next
From: "Guy Rouillier"
Date:
Subject: Re: Check if table exists