Maybe a little example
- create a table with two columns: username and password (eg. tbl_users)
- in a secure environment (thus not over the internet) insert records into the table
INSERT INTO tbl_users(username, password) VALUES ('John', md5('johnspassword'))
- make a website with a login page (= a form with two fields: frm_username and frm_password)
- let a javascript md5 function hash the password before sending the form field values to the webserver
that way the password doensn't go over the internet in an unprotected way
- let your webserver (eg with php) compare the received password (= hashed) with the one in tbl_users
select count(*) from tbl_users where username = [value from frm_username] and password = [value from frm_password]
if the password is ok then count will be 1
- the user has been authenticated and can go on
now you can start a session in your website, etc etc
if count was 0 you should resent the login form with a notice "wrong password"
>>> John DeSoi <desoi@pgedit.com> 2007-03-01 14:25 >>>
MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/Power Tools for PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
