| From: | Steven Klassen <sklassen(at)commandprompt(dot)com> |
|---|---|
| To: | Thomas Hallgren <thhal(at)mailblocks(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Verifying a user. |
| Date: | 2004-10-14 17:07:39 |
| Message-ID: | 20041014170739.GA20464@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
* Thomas Hallgren <thhal(at)mailblocks(dot)com> [2004-10-14 17:27:20 +0200]:
> I'm connected to a database and I want to verify that a username and
> password for some user is correct. I know I can verify a users existence
> by doing:
>
> select exists(select * from pg_user where usename = $1)
You can get at the md5 hashed passwords in the pg_shadow table
provided your user has the requisite permission.
There may be something out there already that does this for you, but
this is how the function/query might look if you went the Brute Force
(tm) route.
CREATE FUNCTION check_passwd(text,text) RETURNS boolean AS 'SELECT
CASE WHEN passwd = md5($2) THEN true ELSE false END FROM pg_shadow
WHERE usename = $1;' LANGUAGE sql;
--
Steven Klassen - Lead Programmer
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Replication & Support Services, (503) 667-4564
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steven Klassen | 2004-10-14 17:19:24 | Re: Verifying a user. |
| Previous Message | MikeSmialek2@Hotmail.com | 2004-10-14 17:01:38 | Performance on Win32 vs Cygwin |