Question on crypt password

Started by Arindam Haldar, almost 24 years ago, 6 messages, general
#1 Arindam Haldar
arindamhaldar@hotpop.com

hi,
I want to authenticate web users from PostgreSQL, for which I created a
table having, among others, username & password... Are there any data
types where the password can be stored encrypted? At present I am using
varchar(16), but I see one (administrator) can read the password. I didn't
find any data type specifying encrypted type!

thanking in advance
A.H

#2 Holger Marzen
holger@marzen.de
In reply to: Arindam Haldar (#1)
Re: Question on crypt password

On Fri, 24 May 2002, Arindam Haldar wrote:

> I want to authenticate web users from PostgreSQL, for which I created a
> table having, among others, username & password... Are there any data
> types where the password can be stored encrypted? At present I am using
> varchar(16), but I see one (administrator) can read the password. I didn't
> find any data type specifying encrypted type!

mod_auth_pgsql for Apache has an option to read encrypted passwords. You
can choose between plain, md5 and crypt. But it doesn't bother how you
inserted it into the table. Seems that you have to encrypt it with your
favourite tool before you insert it. In the table it's just a
text/varchar type AFAIK.

--
PGP/GPG Key-ID:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xB5A1AFE1

#3 Neil Conway
neilc@samurai.com
In reply to: Arindam Haldar (#1)
Re: Question on crypt password

On Fri, 24 May 2002 12:45:00 +0530
"Arindam Haldar" <arindamhaldar@hotpop.com> wrote:

> hi,
> I want to authenticate web users from PostgreSQL, for which I created a
> table having, among others, username & password... Are there any data
> types where the password can be stored encrypted? At present I am using
> varchar(16), but I see one (administrator) can read the password. I didn't
> find any data type specifying encrypted type!

Use contrib/pgcrypto, store the hashed version of the password (say,
using SHA1). When you want to check if the correct password is used,
hash the string the user entered and compare it to the stored version.

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC
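
The store-a-hash-and-compare pattern from message #3, as an added example that is not part of the thread: it uses pgcrypto's digest(), crypt() and gen_salt() on a current PostgreSQL, and the table, column and user names and the sample password are made up for illustration. It goes beyond the SHA1 case named in the message by also showing pgcrypto's salted crypt() form.

```sql
-- Added example. Assumes a current PostgreSQL with the pgcrypto extension
-- available; web_users, its columns and the sample values are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE web_users (
    username varchar(64) PRIMARY KEY,
    -- Holds a hash, never the plaintext. varchar(16) from the question is
    -- too short: hex SHA1 is 40 characters, a bcrypt string is 60.
    pw_hash  text NOT NULL
);

-- (a) The pattern as described in the thread: plain SHA1 through digest().
--     Unsalted, so two users with the same password get the same pw_hash.
INSERT INTO web_users (username, pw_hash)
VALUES ('demo_sha1', encode(digest('s3cret-sample'::text, 'sha1'), 'hex'));

-- Login check: hash what the user typed and compare with the stored value.
-- A returned row means the password matched.
SELECT username
  FROM web_users
 WHERE username = 'demo_sha1'
   AND pw_hash = encode(digest('s3cret-sample'::text, 'sha1'), 'hex');

-- (b) Same pattern with pgcrypto's password-hashing functions: gen_salt()
--     picks a random salt (here Blowfish-based, cost 8) and crypt() embeds
--     algorithm, cost and salt in the stored string.
INSERT INTO web_users (username, pw_hash)
VALUES ('demo_bf', crypt('s3cret-sample', gen_salt('bf', 8)));

-- Login check: passing the stored value as the second argument makes crypt()
-- reuse its salt and settings, so only the correct password reproduces it.
SELECT username
  FROM web_users
 WHERE username = 'demo_bf'
   AND pw_hash = crypt('s3cret-sample', pw_hash);

-- What an administrator reading the table now sees: hashes only.
SELECT username, pw_hash FROM web_users ORDER BY username;
```

In an application, pass the password as a bind parameter rather than a literal, since literal SQL text can end up in server logs.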

#4 Gregory Seidman
gss+pg@cs.brown.edu
In reply to: Neil Conway (#3)
Re: Question on crypt password

Neil Conway sez:
} On Fri, 24 May 2002 12:45:00 +0530
} "Arindam Haldar" <arindamhaldar@hotpop.com> wrote:
} > hi,
} > I want to authenticate web users from PostgreSQL, for which I created a
} > table having, among others, username & password... Are there any data
} > types where the password can be stored encrypted? At present I am using
} > varchar(16), but I see one (administrator) can read the password. I didn't
} > find any data type specifying encrypted type!
}
} Use contrib/pgcrypto, store the hashed version of the password (say,
} using SHA1). When you want to check if the correct password is used,
} hash the string the user entered and compare it to the stored version.

Where is the documentation on this? Is it like what I wound up doing (see
below)?

Since I was coming from MySQL, I wanted the PASSWORD() function it has
builtin and I wound up writing it as a C function:

CREATE FUNCTION PASSWORD (text) RETURNS text
AS '/home/gss/src/crypt.so'
LANGUAGE C WITH (isstrict);

I can attach the C source if anyone is interested.

} Cheers,
} Neil
--Greg

#5 Neil Conway
neilc@samurai.com
In reply to: Gregory Seidman (#4)
Re: Question on crypt password

On Fri, 24 May 2002 15:02:08 -0400
"Gregory Seidman" <gss+pg@cs.brown.edu> wrote:

> Neil Conway sez:
> } Use contrib/pgcrypto, store the hashed version of the password (say,
> } using SHA1). When you want to check if the correct password is used,
> } hash the string the user entered and compare it to the stored version.
>
> Where is the documentation on this?

In contrib/pgcrypto/README.pgcrypto, which is part of the PostgreSQL
source tree. Perhaps it should be better documented -- it's quite a
neat package.

> Is it like what I wound up doing (see below)?

Similar, but a lot more powerful.

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC

#6 Timo Savola
timo.savola@codetoys.com
In reply to: Gregory Seidman (#4)
Re: Question on crypt password

On Fri, 2002-05-24 at 22:02, Gregory Seidman wrote:

> Since I was coming from MySQL, I wanted the PASSWORD() function it has
> builtin and I wound up writing it as a C function:
>
> I can attach the C source if anyone is interested.

Hi. I'd be interested in that.

Does it duplicate MySQL's PASSWORD() exactly? I need to import hashes
from MySQL to PostgreSQL.

Timo