Thread: encryption for postgres
I need to save user ids and passwords to be used for access to records in a database. The passwords should be encrypted before saving. Are there builtin or standard php functions to do encryption/decryption or does one need to add a library to a standard php install (RedHat 7.1). Cheers, Tom Tom Hodges, hodges@xprt.net or tom_hodges@yahoo.com ICQ 10149621, YahooMessenger tom_hodges Mail: 14314 SW Allen Blvd, #317; Beaverton OR 97005 USA
On Sun, 14 Oct 2001 hodges@xprt.net wrote: > I need to save user ids and passwords to be used for access > to records in a database. The passwords should be encrypted > before saving. Are there builtin or standard php functions > to do encryption/decryption or does one need to add a library > to a standard php install (RedHat 7.1). http://www.php.net/manual/en/function.crypt.php or, for better security, http://www.php.net/manual/en/function.md5.php (btw, found this by searching for 'encryption' on the homepage at php.net.) -- Joel BURTON | joel@joelburton.com | http://joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
> http://www.php.net/manual/en/function.crypt.php > > or, for better security, > > http://www.php.net/manual/en/function.md5.php How is md5 more secure?
There are such functions for both PHP and PostgreSQL -- check out pgcrypto in the contrib directory of the tarball for PostgreSQL support and the mcrypt functions for PHP support... Both link to external libraries.. Note that MD5 and DES encryption might be available without linking to external libs but those are one-way encryptions.... -Mitch ----- Original Message ----- From: <hodges@xprt.net> To: <pgsql-php@postgresql.org> Sent: Sunday, October 14, 2001 6:50 PM Subject: [PHP] encryption for postgres > I need to save user ids and passwords to be used for access > to records in a database. The passwords should be encrypted > before saving. Are there builtin or standard php functions > to do encryption/decryption or does one need to add a library > to a standard php install (RedHat 7.1). > > Cheers, Tom > Tom Hodges, hodges@xprt.net or tom_hodges@yahoo.com > ICQ 10149621, YahooMessenger tom_hodges > Mail: 14314 SW Allen Blvd, #317; Beaverton OR 97005 USA > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly >
Hi Tom, There is a standard function - 'crypt( )' . I'm afraid I can't give you a detailed run down on how to use it off the top of my head, but the manual covers it pretty well, and you can also check it out at http://www.php.net If you need more serious security there are other encryption functions around, but I think you have to load most of these in as separate modules. I seem to remember that php builder have done a couple of good articles on such things (don't quote me on that though). Cheers, Ben Westgarth hodges@xprt.net on 15/10/2001 08:50:20 To: pgsql-php@postgresql.org cc: (bcc: Ben Westgarth/User/FaCS) Subject: [PHP] encryption for postgres I need to save user ids and passwords to be used for access to records in a database. The passwords should be encrypted before saving. Are there builtin or standard php functions to do encryption/decryption or does one need to add a library to a standard php install (RedHat 7.1). Cheers, Tom Tom Hodges, hodges@xprt.net or tom_hodges@yahoo.com ICQ 10149621, YahooMessenger tom_hodges Mail: 14314 SW Allen Blvd, #317; Beaverton OR 97005 USA ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@postgresql.org so that your message can get through to the mailing list cleanly
Attachment
Thanks for all the advice on encryption. I am just looking for one way encryption so I will use crypt with either md5 or blowfish, depending on which is available. Cheers, Tom
On Sun, 14 Oct 2001 hodges@xprt.net wrote: > I need to save user ids and passwords to be used for access > to records in a database. The passwords should be encrypted > before saving. Are there builtin or standard php functions > to do encryption/decryption or does one need to add a library > to a standard php install (RedHat 7.1). http://www.php.net/manual/en/function.crypt.php or, for better security, http://www.php.net/manual/en/function.md5.php (btw, found this by searching for 'encryption' on the homepage at php.net.) -- Joel BURTON | joel@joelburton.com | http://joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org