| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | "G(dot) J(dot) Walsh" <gjwalsh(at)dscdirectionalservices(dot)com> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: md5 hashing of user passwords |
| Date: | 2008-03-25 01:46:41 |
| Message-ID: | 200803250146.m2P1kfZ03399@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
We add the username to the md5 hash. See the libpq code for an example,
PQencryptPassword().
---------------------------------------------------------------------------
G. J. Walsh wrote:
> At registration, a user's password is encrypted by php's md5 and stored
> in a client login table.
>
> On login, the client's password as provided in a login form, is run
> through md5 hashing and submitted to the server for authentication.
> Pretty standard stuff!
>
> BUT authentication always fails.
>
> To get a grip on this, I set up a record with a specific password. For
> some reason I cannot understand, the md5 hash written into postgresql
> does not correspond with the echoing back of the hash at login attempts.
>
> In both instances, the hashing is consistent.
>
> The login is performed under ssl. Changing it to run under http makes no
> difference - the hashing remains the same.
>
> The data base provides a character varying(32) column for the hashed
> password.
>
> Can someone help me out of this morass???
>
> Much appreciated!
>
> --
> Sent via pgsql-novice mailing list (pgsql-novice(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-novice
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | kenneth d'souza | 2008-03-25 11:52:32 | difference in MVCC in 8.3 vs 8.2 |
| Previous Message | G. J. Walsh | 2008-03-25 01:43:00 | md5 hashing of user passwords |