Password Encryption to replicate MySQL PASSWORD function - Mailing list pgsql-php
| From | Luke Woollard |
|---|---|
| Subject | Password Encryption to replicate MySQL PASSWORD function |
| Date | |
| Msg-id | NGBBIAJCILLOIJPKMOIFEECECMAA.luke@taborvision.com Whole thread Raw |
| In response to | Re: Creating md5 passwords in PHP for the PostgreSQL pg_shadow table (Matthew Horoschun <mhoroschun@canprint.com.au>) |
| Responses |
Re: Password Encryption to replicate MySQL PASSWORD function
(Matthew Horoschun <mhoroschun@canprint.com.au>)
Re: Password Encryption to replicate MySQL PASSWORD function (Joe Conway <mail@joeconway.com>) |
| List | pgsql-php |
I have a program that set's a database up with a PHP script.
It automatically inserts a generic 'user' into a 'members' table.
Each user has a password.
In mysql I have used the 'PASSWORD('someString')' function to encrypt each
users password. When authenticating a user for system use, I use the same
function to compare encrypted password.
How is this easiily achieved in Postgresql? (as there is no 'PASSWORD'
function)
Below is the table structure (simplified for this example)
CREATE TABLE users (
userid serial (auto_increment if using mysql),
name varchar(100),
password varchar(200),
PRIMARY KEY(userid, name) );
Here is what I would do with MySQL to set up the default user:
INSERT INTO users (name, password) VALUES ('john citizen',
PASSWORD('someString'));
Is there any way to replicate this with PostgreSQL or a better way to
authenticate users with both databases (md5 or similar) ????
I'd rather keep the encryption/and or md5 logic out of the scripts and in
the database if possible. (unless there is a reason not to..)
-----Original Message-----
From: pgsql-php-owner@postgresql.org
[mailto:pgsql-php-owner@postgresql.org]On Behalf Of Matthew Horoschun
Sent: Tuesday, 21 January 2003 9:10 AM
To: David Busby
Cc: pgsql-php@postgresql.org
Subject: Re: [PHP] Creating md5 passwords in PHP for the PostgreSQL
pg_shadow table
Hi David,
Thanks for the reply.
Unfortunately, thats not quite the problem. I want to create passwords
that will work in the pg_shadow table. So, I need them to be calculated
in exactly the same way PostgreSQL does when you do a CREATE USER
matthew WITH PASSWORD testing.
For example, If I create a user in PostgreSQL called 'matthew' with
password 'testing', I get pg_shadow entry with passwd:
md5759af56ffaf865413f7a50b4fae20ea3
but, if I do a simple md5 of 'testing' like you've done below, I get:
ae2b1fca515949e5d54fb22b8ed95575
As you can see, those don't match.
Perhaps I'm missing something though?
Cheers
Matthew.
On Tuesday, January 21, 2003, at 05:27 AM, David Busby wrote:
> Matthew,
> I just use something like
> $pass = $_POST['pass'];
> $e_pass = md5($passs);
> Maybe not as secure as two md5s, but have you ever tried to
> reverse one
> md5 checksum?
--
Matthew Horoschun
Network Administrator
CanPrint Communications Pty. Ltd.
Mobile: 0417 282 378
Direct: (02) 6295 4544
Telephone: (02) 6295 4422
Facsimile: (02) 6295 4473
---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo@postgresql.org)