Thread: encrypting a password field in the database

encrypting a password field in the database

From: Fran Fabrizio
Date:

Hello,

One of my fields is used to store a password field.  I would like this
field to be encrypted.  The way we do it now is to have our perl scripts
encrypt it before inserting it and decrypt it after selecting it.  This
is something of a pain because there are 4 different machines that have
need of this functionality, so that means I have to maintain 4 installs
of the helper module that contains the encryption/decryption code.  It
makes more sense to me to localize this in the database itself, and
provide a pair of functions to encrypt and decrypt a string which we
would use when inserting/selecting the password.  However, I looked into
plperl and realized (the hard way) that plperl restricts you from doing
anything useful like use Crypt::Blowfish; for security reasons.  Is
there another way I could localize this code (or something that performs
the same function) in the database or at least on the server that runs
the database?

Thanks,
Fran

Re: encrypting a password field in the database

From: Fran Fabrizio
Date:

Stephen Robert Norris wrote:

> In general it is extremely poor security if _anyone_ is able to
> decrypt the password. So, use a hash function instead - SHA1 is nice.

No, I actually really do need two-way encryption.  The passwords will later
be used to do automated remote logins, so I'll need the plaintext back at
some point.  I'm aware of the security ramifications; we have other means of
securing the situation.  Is there any built-in two-way encryption in Pg?
I imagine this is a fairly common problem for businesses that want to store
customer credit card information for recurring payments or something similar.

Thanks,
Fran
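
One way to get the pair of database-side encrypt/decrypt functions asked about in this thread, using PostgreSQL's pgcrypto extension. This is an added example, not part of the original thread; the table, role, function and setting names (remote_login, login_agent, cred_encrypt, cred_decrypt, app.cred_key) are hypothetical.

```sql
-- Added example: all object names below are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE ROLE login_agent NOLOGIN;      -- role allowed to recover plaintext

CREATE TABLE remote_login (
    host     text PRIMARY KEY,
    username text NOT NULL,
    secret   bytea NOT NULL           -- OpenPGP symmetric ciphertext, never plaintext
);

-- The key comes from a per-session setting (assumed name: app.cred_key), so it
-- is neither stored in a table nor hard-coded in the function body.
-- current_setting() raises an error if the session has not set it.
CREATE FUNCTION cred_encrypt(plain text) RETURNS bytea
LANGUAGE sql VOLATILE AS $$
    SELECT pgp_sym_encrypt(plain, current_setting('app.cred_key'),
                           'cipher-algo=aes256');
$$;

CREATE FUNCTION cred_decrypt(cipher bytea) RETURNS text
LANGUAGE sql STABLE AS $$
    SELECT pgp_sym_decrypt(cipher, current_setting('app.cred_key'));
$$;

-- Least privilege: functions are executable by PUBLIC by default, so revoke
-- that and let only the role that performs the remote logins decrypt.
REVOKE ALL ON FUNCTION cred_decrypt(bytea) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION cred_decrypt(bytea) TO login_agent;

-- One session, with constructed sample values:
SET app.cred_key = 'constructed-demo-key-not-for-production';

INSERT INTO remote_login (host, username, secret)
VALUES ('host1.example', 'svc', cred_encrypt('s3cret-demo'));

-- Ciphertext differs on every call (random salt and session key), so two rows
-- holding the same password do not store equal values.
SELECT host, username, cred_decrypt(secret) AS password
  FROM remote_login
 WHERE host = 'host1.example';
```

The key and the plaintext both travel to the server in SQL statements, so they can appear in statement logs if statement logging is enabled and should only cross a TLS-protected connection. Anyone who obtains both the key and read access to the table can recover every stored password, which is the trade-off the quoted reply describes.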