Re: password cookie

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: password cookie
Date: 2006-10-25 14:06:57
Message-ID: 20061025140657.GC1700@phlogiston.dyndns.org
Lists: pgsql-general

On Wed, Oct 25, 2006 at 03:49:54PM +0200, Willy-Bas Loos wrote:
> So as a temporary compromise, we decided to store the username and password
> in a cookie on the client PC, which is of course a serious weakness.
>
> Can anyone give me some advice on how to do this a better way, without
> consuming too much time, or is this the best thing to do in such a
> situation?

The usual workaround I'm familiar with is to set a hash of some sort
that is the user, password, and some salt. Then you authenticate
against that hash in your application, so that you never actually
send these values, nor store them anywhere except the database.

A

--
Andrew Sullivan | ajs(at)crankycanuck(dot)ca
"The year's penultimate month" is not in truth a good way of saying
November.
--H.W. Fowler
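
One way to implement the salted-hash cookie described in the reply above, as an added example that is not part of the original message: the cookie carries only a hash derived from the user, the stored password hash and a random salt, and the application finds the user by it. The table layout, the function names and the in-memory SQLite database (standing in for PostgreSQL) are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

# In-memory SQLite stands in for the application's PostgreSQL database (assumption).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_salt BLOB,"
           " pw_hash BLOB, cookie_digest TEXT)")

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_user(username, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, NULL)",
               (username, salt, _pw_hash(password, salt)))

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def login(username, password):
    """Verify the password once; return the cookie value, or None on failure."""
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(_pw_hash(password, row[0]), row[1]):
        return None
    # Hash over user, (already hashed) password and a fresh random salt.
    salt = secrets.token_bytes(32)
    token = hmac.new(salt, username.encode() + b"\0" + row[1], hashlib.sha256).hexdigest()
    # Only a digest of the token is stored, so a database dump holds no usable cookie.
    db.execute("UPDATE users SET cookie_digest = ? WHERE username = ?",
               (_digest(token), username))
    return token

def check_cookie(token):
    """Return the username the cookie belongs to, or None."""
    row = db.execute("SELECT username FROM users WHERE cookie_digest = ?",
                     (_digest(token),)).fetchone()
    return row[0] if row else None

def logout(username):
    """Invalidate the cookie server-side."""
    db.execute("UPDATE users SET cookie_digest = NULL WHERE username = ?", (username,))
```

The cookie value is still a bearer credential for as long as it is valid, so it belongs in a cookie marked Secure and HttpOnly and should be cleared with `logout` when the session ends.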
