From: | "Fernando Hevia" <fhevia(at)ip-tel(dot)com(dot)ar> |
---|---|
To: | "'Gary Chambers'" <gwchamb(at)gmail(dot)com>, "'D'Arcy J(dot)M(dot) Cain'" <darcy(at)druid(dot)net> |
Cc: | <jameskitambara(at)yahoo(dot)co(dot)uk>, <pgsql-sql(at)postgresql(dot)org> |
Subject: | Re: MAY I HAVE YOUR ASSISTANCE |
Date: | 2008-09-01 15:42:40 |
Message-ID: | 076f01c90c49$5e157420$8f01010a@iptel.com.ar |
Lists: | pgsql-sql |
> -----Original Message-----
> From: pgsql-sql-owner(at)postgresql(dot)org
> [mailto:pgsql-sql-owner(at)postgresql(dot)org] On Behalf Of Gary Chambers
> Sent: Monday, September 01, 2008 11:31
> To: D'Arcy J.M. Cain
> CC: jameskitambara(at)yahoo(dot)co(dot)uk; pgsql-sql(at)postgresql(dot)org
> Subject: Re: [SQL] MAY I HAVE YOUR ASSISTANCE
>
> >> I have one problem with the user table. I want to hide the password for the users.
>
> Here's what I did, which requires using the contrib/pgcrypto
> extension:
>
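> -- Runs on every INSERT and UPDATE: replaces NEW.password with its
> -- pgcrypto crypt() hash, using a fresh md5-crypt salt.
> CREATE FUNCTION encryptpw() RETURNS TRIGGER AS $encryptpw$ BEGIN
> NEW.password = CRYPT(NEW.password, GEN_SALT('md5'));
> RETURN NEW;
> END;
> $encryptpw$ LANGUAGE plpgsql;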
>
> CREATE TRIGGER trg_encryptpw BEFORE INSERT OR UPDATE ON
> assignees FOR EACH ROW EXECUTE PROCEDURE encryptpw();
>
> Comments, suggestions, criticisms?
>
> -- Gary Chambers
>
The weakness of this solution is that your password might be sent in the
clear through the network, as the encryption occurs in the database. I
suggest the encryption be enforced at the application, or secure the
connection with SSL.
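
Added example, not part of the original message or the thread's code: hashing the password in the application, as suggested above, so that only a salted hash is ever sent to PostgreSQL. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of pgcrypto's crypt(); the `username` column, the iteration count and the stored string format are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed parameters for this example, not values from the thread.
ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return 'algo$iterations$salt_hex$hash_hex' for the password column."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
        if algo != ALGO:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False  # malformed stored value
    return hmac.compare_digest(digest, expected)


def build_insert(username: str, password: str) -> tuple[str, tuple[str, str]]:
    """Build a parameterized INSERT whose parameters carry only the hash."""
    # Assumes the encryptpw trigger is NOT installed on assignees; with it in
    # place the database would hash this hash a second time.
    sql = "INSERT INTO assignees (username, password) VALUES (%s, %s)"
    return sql, (username, hash_password(password))


if __name__ == "__main__":
    sql, params = build_insert("alice", "correct horse")  # constructed sample input
    print(sql, params)
    print(verify_password("correct horse", params[1]))
    print(verify_password("wrong", params[1]))
```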