Thread: Encrypting fields with a one-way hash
Hi,
I'm new to PostgreSQL, but have installed it on a RedHat 6.2 box. We are
currently trying to migrate our existing MySQL applications to PostgreSQL,
but the differences in syntax are presenting a few problems.
My main stumbling block is the apparent lack of a function to form a hash
(or other one-way encrypt) of a password to enter as a field in the
database. The old SQL looks something like:
> INSERT INTO Users (Name, Password) VALUES ('John Smith',
PASSWORD('mypassword'))
This works because "PASSWORD" is an internal function in MySQL. Is there a
similar function in PostgreSQL, or some other way of achieving the same
effect? The data itself is not being moved over, so there is no need for the
same algorithm to be used.
Thanks for any and all help,
**********************************************************
Alexi Margo
Internet Systems Manager
Wildwood Technology Ltd
http://www.wwood.co.uk/
t +44-(0)20 8426 7777
f +44-(0)20 8426 5050
**********************************************************
This message is intended only for the use of the person(s) ("the Intended
Recipient") to whom it is addressed. It may contain information which is
privileged and confidential within the meaning of applicable law.
Accordingly any dissemination, distribution, copying or other use of this
message or any of its content by any person other than the Intended
Recipient may constitute a breach of civil or criminal law and is strictly
prohibited. If you are not the Intended Recipient please contact the sender
as soon as possible.
I don't believe there is an internal function for it, although it
would probably be an easy function to write in C and make available
with CREATE FUNCTION.
Stephan Szabo
sszabo@bigpanda.com
On Tue, 26 Sep 2000, Alexi Margo wrote:
> Hi,
>
> I'm new to PostgreSQL, but have installed it on a RedHat 6.2 box. We are
> currently trying to migrate our existing MySQL applications to PostgreSQL,
> but the differences in syntax are presenting a few problems.
>
> My main stumbling block is the apparent lack of a function to form a hash
> (or other one-way encrypt) of a password to enter as a field in the
> database. The old SQL looks something like:
>
> > INSERT INTO Users (Name, Password) VALUES ('John Smith',
> PASSWORD('mypassword'))
>
> This works because "PASSWORD" is an internal function in MySQL. Is there a
> similar function in PostgreSQL, or some other way of achieving the same
> effect? The data itself is not being moved over, so there is no need for the
> same algorithm to be used.
Hi,
I've some user-defined functions for pgSQL implementing hashing
algorithms (SHA-1, MD5) written using OpenSSL.
I never released them as contrib mainly because I've not
deeply tested them.
If you want, I can send you the sources: they compile quite clean
on my RedHat 6.1 box with PGSQL 7.0.x.
Let me know.
Regards
/gp
--
Discussion: How do you feel about Open Source firms making
millions through public offerings?
"I wish these companies were making the same millions without
distributing any non-free, user-subjugating software." --
Richard Stallman
"We're not here to let the monkey dances" --
g.p.
Gian Paolo Ciceri Via B.Diotti 45 - 20153 Milano MI ITALY
CTO @ TiALabs mobile : ++39 347 4106213
eMail : gp.ciceri@acm.org
webSite: http://www.tialabs.com
Hi, [ deletia ] > If you want, I can send you the sources: they compile quite clean > on my RedHat 6.1 box with PGSQL 7.0.x. Thank you, that would be very much appreciated. Is there not some way to bind to the UNIX hashing functions used in passwords, etc.? [ deletia ] Regards, ********************************************************** Alexi Margo Internet Systems Manager Wildwood Technology Ltd http://www.wwood.co.uk/ t +44-(0)20 8426 7777 f +44-(0)20 8426 5050 ********************************************************** This message is intended only for the use of the person(s) ("the Intended Recipient") to whom it is addressed. It may contain information which is privileged and confidential within the meaning of applicable law. Accordingly any dissemination, distribution, copying or other use of this message or any of its content by any person other than the Intended Recipient may constitute a breach of civil or criminal law and is strictly prohibited. If you are not the Intended Recipient please contact the sender as soon as possible.