Thread: Crypt in queries and functions?

Crypt in queries and functions?

From

Owen Jacobson

Date:

30 January 2003, 00:19:40

Salve.

I'm writing Yet Another Web Forum and I'm using pgsql as the backend.
I'd like to do user creation and authentication through functions,
rather like:

SELECT Create_User ('Owen', 'password', 'ojacobson@mx-deus.net');

Passwords should, for obvious reasons, be stored encrypted.  I'm
inclined to do this in a unixish way, using crypt().  However, there
doesn't seem to be a crypt function in PostgreSQL's function list.  How
would I go about wrapping or importing the C one?  Is there a better way?

Ideally I'd like to be able to do something like

(table Users has column Password as varchar)

SELECT * FROM Users WHERE crypt('untested password', Password) = Password;

to verify passwords.

Any thoughts?

Owen

Re: Crypt in queries and functions?

From

Neil Conway

Date:

30 January 2003, 00:43:21

On Wed, 2003-01-29 at 21:24, Owen Jacobson wrote:
> Passwords should, for obvious reasons, be stored encrypted.  I'm
> inclined to do this in a unixish way, using crypt().  However, there
> doesn't seem to be a crypt function in PostgreSQL's function list.

http://www.ca.postgresql.org/docs/faq-english.html#4.28

Short answer: use contrib/pgcrypto

Cheers,

Neil
--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC