Re: password encryption

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Klaus Sonnenleiter <klaus(at)sonnenleiter(dot)com>
Cc: Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com>, Stefan Fiel <fstefan(at)cable(dot)vol(dot)at>, pgsql-admin(at)postgresql(dot)org
Subject: Re: password encryption
Date: 2002-08-22 02:12:57
Message-ID: 200208220212.g7M2Cw622950@candle.pha.pa.us
Lists: pgsql-admin


Never mind what I just said. I see the issue of encrypting before being
sent over the wire. We do that for PostgreSQL passwords, but if you want
to do it for a value before it is sent over the wire, you can use an SSL
connection to the database, or some client-side encryption.

---------------------------------------------------------------------------

Klaus Sonnenleiter wrote:
> To protect your passwords effectively, you probably want them encrypted before
> they go on the wire, so you will need to put the encryption capability in the
> application, not in the database. This way you will only transmit and store
> encrypted data. Take a look at cryptix.org for some pretty good Java and Perl
> implementations.
>
> On Wednesday 21 August 2002 05:36, Tim Ellis wrote:
> > > I'd like to store passwords for a web application in my PostgreSQL database.
> > >
> > > Now I'm searching for a way to encrypt the passwords, something like the
> > > function password() for MySQL.
> >
> > I always run my passwords through md5sum(), which is an open source
> > implementation, and thus seems to've been written in every language out
> > there.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
