| From: | "Neil Saunders" <n(dot)j(dot)saunders(at)gmail(dot)com> |
|---|---|
| To: | "Kevin Crenshaw" <kcrenshaw(at)viscient(dot)com> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: Storing sensitive data |
| Date: | 2006-03-09 13:30:41 |
| Message-ID: | ddcd549e0603090530i508c387em1c11e162de07e9ce@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
The usual way of doing this is by not storing the password, but
instead an MD5 representation of the password:
INSERT INTO users (username, password) VALUES ('kevin', MD5('mypassword'))
SELECT * FROM users WHERE username='kevin' AND password=MD5('mypassword');
This does mean that you won't know what your users passwords are, and
that a user can't be reminded of their password, only have it changed,
but these are usually un-important side effects.
Hope this helps,
Neil.
On 3/9/06, Kevin Crenshaw <kcrenshaw(at)viscient(dot)com> wrote:
>
>
>
> I have a table that stores usernames and passwords and I want to encrypt the
> passwords before they are stored in the database. Will postgresql do this
> for me, or do I have to do the encryption on the client side? Could you
> please point me to some instructions on how to accomplish this.
>
>
>
> Thanks for your help,
>
>
>
> kevin
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | operationsengineer1 | 2006-03-09 17:33:11 | Re: Storing sensitive data |
| Previous Message | Guido Barosio | 2006-03-09 13:28:42 | Re: Storing sensitive data |