Home > mailing lists

Re: Storing/Using Passwords - Mailing list pgsql-novice

From	Pascual De Ruvo
Subject	Re: Storing/Using Passwords
Date	May 18, 2005 13:02:10
Msg-id	fb73c1ee050518060120de28f3@mail.gmail.com Whole thread Raw
In response to	Re: Storing/Using Passwords (Sean Davis <sdavis2@mail.nih.gov>)
List	pgsql-novice

Tree view

On 5/18/05, Sean Davis <sdavis2@mail.nih.gov> wrote:

You can compute an MD5 hash in Java and store that. Then, when a user
enters a password, just compare the same MD5 hash to the value stored
in the database.

If you use oly the MD5 hash of the username, someone with access to the table could replace an existing password and gain access to the system.

In case you want to add an extra level of security you should make the hash unique to every username in YOUR system, in order to do this, you can concatenate the username, the password, an static text and a dynamic element (can be the OID of the row) , then compute the MD5 hash and store it in the users table. Then compute the MD5 hash with the same logic and compare it with the stored value any time you want to authenticate the user.

pgsql-novice by date:

From: "Schuhmacher, Bret"
Date: 18 May 2005, 12:58:10
Subject: Psql bug on Windows or pilot error? ;-)

From: John DeSoi
Date: 18 May 2005, 14:30:56
Subject: Re: Psql bug on Windows or pilot error? ;-)

Re: Storing/Using Passwords - Mailing list pgsql-novice

Previous

Next