Re: Storing/Using Passwords

From: Pascual De Ruvo <deruvo(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: Storing/Using Passwords
Date: 2005-05-18 13:01:59
Message-ID: fb73c1ee050518060120de28f3@mail.gmail.com
Lists: pgsql-novice

On 5/18/05, Sean Davis <sdavis2(at)mail(dot)nih(dot)gov> wrote:
>
> You can compute an MD5 hash in Java and store that. Then, when a user
> enters a password, just compare the same MD5 hash to the value stored
> in the database.
>
>
If you use only the MD5 hash of the username, someone with access to the
table could replace an existing password and gain access to the system.

In case you want to add an extra level of security, you should make the hash
unique to every username in YOUR system. In order to do this, you can
concatenate the username, the password, a static text and a dynamic element
(can be the OID of the row), then compute the MD5 hash and store it in the
users table. Then compute the MD5 hash with the same logic and compare it
with the stored value any time you want to authenticate the user.
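
As an added illustration (not part of the original message or thread), the Python sketch below compares a password-only MD5 with the row-bound construction described above and checks whether a hash copied from another row is accepted. The function names, the sample table, the length-prefixed encoding and the PBKDF2 variant are assumptions of this example.

```python
import hashlib
import hmac

STATIC_TEXT = "example-static-text"  # assumption: stands in for the message's "static text"

def bound_input(username, password, row_id):
    """Join username, password, static text and row id (e.g. the OID) unambiguously.
    Length prefixes are an addition: plain concatenation would make
    ("ab", "c") and ("a", "bc") hash to the same value."""
    fields = [f.encode() for f in (username, password, STATIC_TEXT, str(row_id))]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def plain_md5(username, password, row_id):
    """MD5 of the password alone: the stored value is valid in any row."""
    return hashlib.md5(password.encode()).hexdigest()

def md5_row_hash(username, password, row_id):
    """The construction described in the message, with MD5 as stated there."""
    return hashlib.md5(bound_input(username, password, row_id)).hexdigest()

def kdf_row_hash(username, password, row_id, iterations=600_000):
    """Same row binding used as the salt of PBKDF2-HMAC-SHA256 (swapped in here)."""
    salt = bound_input(username, "", row_id)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def verify(stored, username, password, row_id, hasher):
    """Recompute with the same logic and compare in constant time."""
    return hmac.compare_digest(stored, hasher(username, password, row_id))

def transplant_accepted(hasher):
    """Constructed users table: overwrite row 101's hash with row 102's, then
    check whether row 102's password now authenticates as row 101's user."""
    table = {101: ("alice", hasher("alice", "alice-secret", 101)),
             102: ("bob", hasher("bob", "bob-secret", 102))}
    table[101] = ("alice", table[102][1])
    username, stored = table[101]
    return verify(stored, username, "bob-secret", 101, hasher)

if __name__ == "__main__":
    for h in (plain_md5, md5_row_hash, kdf_row_hash):
        print(f"{h.__name__:13} transplanted hash accepted: {transplant_accepted(h)}")
```

Only the password-only hash accepts the transplanted value; both row-bound variants reject it because the recomputation includes the target row's username and id.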
