Thread: Urgent Help

Urgent Help

From
"Shreehari S"
Date:
:


Hello Sir,

I am new to PostGreSQL. I have problem in encrypt/decrypt of password field,
can you please help me out in
how to solve this.

I went through the pgcrypto.sql file under contrib folder but it was of no
help to me.

It will be of very helpfull if you send me some examples codes for insert
statements and select statements
for encrypt/decrypt.

This is very urgent.

Thanks
Shreehari S
SPAN Systems Corporation, Bangalore.
"Steering Progress, Together"
===================================================
This email message  and any  attachments is  confidential and
intended only  for the use  of an  individual or entity named  above
and  may  contain  information  that  is  privileged,  confidential or
exempt from disclosure under applicable law.  If you are not the
intended  recipient, you are notified that  any  dissemination,
distribution  or copying of this email is  strictly prohibited.If you
have received this email in error,  please   notify   us  immediately
by  return  email  or  itsupport@spanservices.com and  destroy the
original message.  Opinions, conclusions, and  other information
in this message  that do not relate to the official business of SPAN,
shall be  understood to be neither given nor endorsed by SPAN




Re: Urgent Help

From
"Daniel T. Staal"
Date:
On Fri, May 26, 2006 7:47 am, Shreehari S said:

> Hello Sir,
>
> I am new to PostGreSQL. I have problem in encrypt/decrypt of password
> field, can you please help me out in how to solve this.
>
> I went through the pgcrypto.sql file under contrib folder but it was of
> no help to me.
>
> It will be of very helpfull if you send me some examples codes for insert
>  statements and select statements for encrypt/decrypt.
>
> This is very urgent.

Just noticing that no one appears to have replied.

In general, Postgres does not have a 'password' record type.  Passwords
are normally (in my experience) stored in text fields, after being
*hashed*, not encrypted.

The hashing is a detail of the application that is storing data in
Postgres, but it is common to use MD5 or SHA hashes.

The advantage, or disadvantage, of hashing over encrypting is that it is
not possible to get the password from the hash.  To compare a password to
the stored version, you hash the password and compare the hashes.
(Hashing is also much faster than encrypting.)

Inserts and selects are therefore exactly the same as for any other record
type.  Any difference is in what you do before and afterwords.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------


Re: Urgent Help

From
Date:
> Hello Sir,
>
> I am new to PostGreSQL. I have problem in
> encrypt/decrypt of password field,
> can you please help me out in
> how to solve this.
>
> I went through the pgcrypto.sql file under contrib
> folder but it was of no
> help to me.
>
> It will be of very helpfull if you send me some
> examples codes for insert
> statements and select statements
> for encrypt/decrypt.
>
> This is very urgent.
>
> Thanks
> Shreehari S
> SPAN Systems Corporation, Bangalore.
> "Steering Progress, Together"

Shreehari,

here is a PHP tutorial discussing salting and hashing.

http://phpsec.org/articles/2005/password-hashing.html

if you use a different programming language, you can
take the principles and apply them to your language.

best of luck.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com