Thread: Storing passwords

Storing passwords

From
Oleg Lebedev
Date:
 
My application needs to store user names and passwords in the database via JDBC connection. What is the right way to do this? What should be the database type of the password column? How do I encrypt the password before sending it to the database? What other database settings need to be enabled for this to work?
 
Thanks.
 
Oleg

*************************************

This e-mail may contain privileged or confidential material intended for the named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network.

*************************************

Re: Storing passwords

From
Peter Eisentraut
Date:
Oleg Lebedev writes:

> My application needs to store user names and passwords in the database
> via JDBC connection. What is the right way to do this?

One table, one column for the name, one column for the password.

> What should be the database type of the password column?

text or bytea, depending on how you encrypt it.

> How do I encrypt the password before sending it to the database?

Check out contrib/pgcrypto.

> What other database settings need to be enabled for this to work?

None.

--
Peter Eisentraut   peter_e@gmx.net


Re: Storing passwords

From
Oleg Lebedev
Date:
Can Postgres JDBC driver encrypt a password before sending and inserting
it into the password column?

-----Original Message-----
From: Peter Eisentraut [mailto:peter_e@gmx.net]
Sent: Monday, December 01, 2003 1:32 PM
To: Oleg Lebedev
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Storing passwords


Oleg Lebedev writes:

> My application needs to store user names and passwords in the database

> via JDBC connection. What is the right way to do this?

One table, one column for the name, one column for the password.

> What should be the database type of the password column?

text or bytea, depending on how you encrypt it.

> How do I encrypt the password before sending it to the database?

Check out contrib/pgcrypto.

> What other database settings need to be enabled for this to work?

None.

--
Peter Eisentraut   peter_e@gmx.net

*************************************

This e-mail may contain privileged or confidential material intended for the named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network.

*************************************


Re: Storing passwords

From
Andrew Rawnsley
Date:
You can create MD5 or SHA-1 digests with java.security.MessageDigest.
They would
be stored as text



On Dec 1, 2003, at 4:01 PM, Oleg Lebedev wrote:

>
> Can Postgres JDBC driver encrypt a password before sending and
> inserting
> it into the password column?
>
> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e@gmx.net]
> Sent: Monday, December 01, 2003 1:32 PM
> To: Oleg Lebedev
> Cc: pgsql-general@postgresql.org
> Subject: Re: [GENERAL] Storing passwords
>
>
> Oleg Lebedev writes:
>
>> My application needs to store user names and passwords in the database
>
>> via JDBC connection. What is the right way to do this?
>
> One table, one column for the name, one column for the password.
>
>> What should be the database type of the password column?
>
> text or bytea, depending on how you encrypt it.
>
>> How do I encrypt the password before sending it to the database?
>
> Check out contrib/pgcrypto.
>
>> What other database settings need to be enabled for this to work?
>
> None.
>
> --
> Peter Eisentraut   peter_e@gmx.net
>
> *************************************
>
> This e-mail may contain privileged or confidential material intended
> for the named recipient only.
> If you are not the named recipient, delete this message and all
> attachments.
> Unauthorized reviewing, copying, printing, disclosing, or otherwise
> using information in this e-mail is prohibited.
> We reserve the right to monitor e-mail sent through our network.
>
> *************************************
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 9: the planner will ignore your desire to choose an index scan if
> your
>       joining column's datatypes do not match
>
--------------------

Andrew Rawnsley
President
The Ravensfield Digital Resource Group, Ltd.
(740) 587-0114
www.ravensfield.com