Thread: Storing passwords
My application needs to store user names and passwords in the database via JDBC connection. What is the right way to do this? What should be the database type of the password column? How do I encrypt the password before sending it to the database? What other database settings need to be enabled for this to work?
Thanks.
Oleg
*************************************
This e-mail may contain privileged or confidential material intended for the named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network.
*************************************
Oleg Lebedev writes: > My application needs to store user names and passwords in the database > via JDBC connection. What is the right way to do this? One table, one column for the name, one column for the password. > What should be the database type of the password column? text or bytea, depending on how you encrypt it. > How do I encrypt the password before sending it to the database? Check out contrib/pgcrypto. > What other database settings need to be enabled for this to work? None. -- Peter Eisentraut peter_e@gmx.net
Can Postgres JDBC driver encrypt a password before sending and inserting it into the password column? -----Original Message----- From: Peter Eisentraut [mailto:peter_e@gmx.net] Sent: Monday, December 01, 2003 1:32 PM To: Oleg Lebedev Cc: pgsql-general@postgresql.org Subject: Re: [GENERAL] Storing passwords Oleg Lebedev writes: > My application needs to store user names and passwords in the database > via JDBC connection. What is the right way to do this? One table, one column for the name, one column for the password. > What should be the database type of the password column? text or bytea, depending on how you encrypt it. > How do I encrypt the password before sending it to the database? Check out contrib/pgcrypto. > What other database settings need to be enabled for this to work? None. -- Peter Eisentraut peter_e@gmx.net ************************************* This e-mail may contain privileged or confidential material intended for the named recipient only. If you are not the named recipient, delete this message and all attachments. Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited. We reserve the right to monitor e-mail sent through our network. *************************************
You can create MD5 or SHA-1 digests with java.security.MessageDigest. They would be stored as text On Dec 1, 2003, at 4:01 PM, Oleg Lebedev wrote: > > Can Postgres JDBC driver encrypt a password before sending and > inserting > it into the password column? > > -----Original Message----- > From: Peter Eisentraut [mailto:peter_e@gmx.net] > Sent: Monday, December 01, 2003 1:32 PM > To: Oleg Lebedev > Cc: pgsql-general@postgresql.org > Subject: Re: [GENERAL] Storing passwords > > > Oleg Lebedev writes: > >> My application needs to store user names and passwords in the database > >> via JDBC connection. What is the right way to do this? > > One table, one column for the name, one column for the password. > >> What should be the database type of the password column? > > text or bytea, depending on how you encrypt it. > >> How do I encrypt the password before sending it to the database? > > Check out contrib/pgcrypto. > >> What other database settings need to be enabled for this to work? > > None. > > -- > Peter Eisentraut peter_e@gmx.net > > ************************************* > > This e-mail may contain privileged or confidential material intended > for the named recipient only. > If you are not the named recipient, delete this message and all > attachments. > Unauthorized reviewing, copying, printing, disclosing, or otherwise > using information in this e-mail is prohibited. > We reserve the right to monitor e-mail sent through our network. > > ************************************* > > > ---------------------------(end of > broadcast)--------------------------- > TIP 9: the planner will ignore your desire to choose an index scan if > your > joining column's datatypes do not match > -------------------- Andrew Rawnsley President The Ravensfield Digital Resource Group, Ltd. (740) 587-0114 www.ravensfield.com