Storing passwords

Oleg Lebedev writes:

My application needs to store user names and passwords in the database
via JDBC connection. What is the right way to do this?

One table, one column for the name, one column for the password.

What should be the database type of the password column?

text or bytea, depending on how you encrypt it.

How do I encrypt the password before sending it to the database?

Check out contrib/pgcrypto.

What other database settings need to be enabled for this to work?

None.

--
Peter Eisentraut peter_e@gmx.net

Can Postgres JDBC driver encrypt a password before sending and inserting
it into the password column?

-----Original Message-----
From: Peter Eisentraut [mailto:peter_e@gmx.net]
Sent: Monday, December 01, 2003 1:32 PM
To: Oleg Lebedev
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Storing passwords

Oleg Lebedev writes:

My application needs to store user names and passwords in the database

via JDBC connection. What is the right way to do this?

One table, one column for the name, one column for the password.

What should be the database type of the password column?

text or bytea, depending on how you encrypt it.

How do I encrypt the password before sending it to the database?

Check out contrib/pgcrypto.

What other database settings need to be enabled for this to work?

None.

--
Peter Eisentraut peter_e@gmx.net

*************************************

This e-mail may contain privileged or confidential material intended for the named recipient only.
If you are not the named recipient, delete this message and all attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise using information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network.

*************************************

You can create MD5 or SHA-1 digests with java.security.MessageDigest.
They would
be stored as text

On Dec 1, 2003, at 4:01 PM, Oleg Lebedev wrote:

Can Postgres JDBC driver encrypt a password before sending and
inserting
it into the password column?

-----Original Message-----
From: Peter Eisentraut [mailto:peter_e@gmx.net]
Sent: Monday, December 01, 2003 1:32 PM
To: Oleg Lebedev
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] Storing passwords

Oleg Lebedev writes:

My application needs to store user names and passwords in the database

via JDBC connection. What is the right way to do this?

One table, one column for the name, one column for the password.

What should be the database type of the password column?

text or bytea, depending on how you encrypt it.

How do I encrypt the password before sending it to the database?

Check out contrib/pgcrypto.

What other database settings need to be enabled for this to work?

None.

--
Peter Eisentraut peter_e@gmx.net

*************************************

This e-mail may contain privileged or confidential material intended
for the named recipient only.
If you are not the named recipient, delete this message and all
attachments.
Unauthorized reviewing, copying, printing, disclosing, or otherwise
using information in this e-mail is prohibited.
We reserve the right to monitor e-mail sent through our network.

*************************************

---------------------------(end of
broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if
your
joining column's datatypes do not match

--------------------

Andrew Rawnsley
President
The Ravensfield Digital Resource Group, Ltd.
(740) 587-0114
www.ravensfield.com