Re: Table design for basic user management

From: Jasen Betts <jasen(at)xnet(dot)co(dot)nz>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: Table design for basic user management
Date: 2009-11-10 10:16:16
Message-ID: hdbehg$o46$1@reversiblemaps.ath.cx
Lists: pgsql-novice

On 2009-11-08, Michael Wood <esiotrot(at)gmail(dot)com> wrote:
> 2009/11/7 Jasen Betts <jasen(at)xnet(dot)co(dot)nz>:
>> On 2009-11-06, Thomas Løcke <thomas(dot)granvej6(at)gmail(dot)com> wrote:
> [...]
>>> I've come up with an initial design for this database:
>>> http://pastebin.com/f5255453e
> [...]
>> CREATE TABLE log (
>>    userid integer PRIMARY KEY REFERENCES user(id) ON DELETE CASCADE,
>>    registered timestamp  DEFAULT now() NOT NULL,
>>    lastvisit  timestamp  NOT NULL,
>>    visits integer DEFAULT 0 NOT NULL
>> );
>>
>> then you can log-in with a single query,
>>
>> update user set lastvisit=default where username='fred' and
>> password=md5('salt'||'password') returning id;
> [...]
>
> I agree with using a salt, but you appear to be advocating a fixed
> salt for everyone?

It's better than nothing, but you're right, a variable salt is even
better.

With no salt at all you can sometimes google the MD5 to "decrypt" it!

> Normally the salt is stored along with the
> password hash, so you'd need one query to retrieve the salt and
> another query to calculate the hash and compare it to the stored hash.
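
Added example, not part of the original messages: one way to get a per-user salt while keeping the single-statement login discussed above, assuming the pgcrypto extension is available. The app_user table, its column names and the sample rows are constructed for illustration.

```sql
-- Added example; table/column names are assumptions, sample rows are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- provides crypt() and gen_salt()

CREATE TABLE app_user (
    id        serial PRIMARY KEY,
    username  text NOT NULL UNIQUE,
    md5_fixed text NOT NULL,   -- scheme from the thread: md5('salt' || password)
    pwhash    text NOT NULL    -- per-user salt, embedded in the crypt() output
);

CREATE TABLE log (
    userid     integer PRIMARY KEY REFERENCES app_user(id) ON DELETE CASCADE,
    registered timestamp DEFAULT now() NOT NULL,
    lastvisit  timestamp DEFAULT now() NOT NULL,
    visits     integer   DEFAULT 0 NOT NULL
);

-- Two constructed users who happen to choose the same password.
-- gen_salt() is volatile, so each row gets its own random salt.
INSERT INTO app_user (username, md5_fixed, pwhash)
SELECT name,
       md5('salt' || 'password'),
       crypt('password', gen_salt('bf', 10))
FROM (VALUES ('fred'), ('wilma')) AS v(name);

INSERT INTO log (userid) SELECT id FROM app_user;

-- Fixed salt: equal passwords give equal hashes, so one recovered hash
-- exposes every account that shares it. Per-user salt: the hashes differ.
SELECT count(DISTINCT md5_fixed) AS fixed_salt_hashes,
       count(DISTINCT pwhash)    AS per_user_hashes
FROM app_user;

-- Login in one statement: crypt() reads the salt back out of the stored
-- hash, so no separate query is needed to fetch it. The literals 'fred'
-- and 'password' stand in for bound parameters supplied by the application.
UPDATE log
   SET lastvisit = now(), visits = visits + 1
  FROM app_user u
 WHERE u.id = log.userid
   AND u.username = 'fred'
   AND u.pwhash = crypt('password', u.pwhash)
RETURNING u.id;
```

The UPDATE returns a row only when both the username and the password match, so an empty result means the login failed.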
