From: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Encrypted column |
Date: | 2007-06-05 13:22:32 |
Message-ID: | 46656398.1090203@cox.net |
Lists: | pgsql-general pgsql-sql |
On 06/04/07 17:54, Guy Rouillier wrote:
> Ranieri Mazili wrote:
>> Hello,
>>
>> I need to store users and passwords in a table and I want to store them
>> encrypted, but I haven't found documentation about it. How can I create
>> a table with columns "user" and "password" with column "password"
>> encrypted, and how can I check if "user" and "password" are correct
>> using a SQL query?
>
> Many people consider two-way encryption to be insecure; two-way
> encryption means you can decrypt a value if you know the key, and it is
> insecure because you usually have to put the key into the source code.
> That means at least one person in your company, the programmer
> maintaining the source code, can learn all of your users' passwords.

Two-way encryption is needed for companies that store customer
credit cards.

But yes, I've always worried about that.

> One
> way around that is to hash the value instead. Then to validate, at
> runtime you hash the user-entered password using the same hash function,
> and validate that it matches the stored hash. No one in your company
> ever knows end-user passwords.
>
--
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
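
Added example, not part of the original message or thread: the hash-and-compare check described in the quoted reply, written as the SQL query the original question asks for. It assumes the pgcrypto extension is installed and swaps the plain "same hash function" for pgcrypto's salted, adaptive `crypt()`; the table, column and function names and the sample credentials are constructed for illustration.

```sql
-- Added example: names and sample values are constructed, not from the thread.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- provides crypt() and gen_salt()

CREATE TABLE app_user (
    username      text PRIMARY KEY,
    password_hash text NOT NULL            -- bcrypt string; the password itself is never stored
);

-- Registration: gen_salt('bf', 10) generates a fresh random bcrypt salt with
-- cost factor 10, so two users with the same password get different hashes.
INSERT INTO app_user (username, password_hash)
VALUES ('alice', crypt('correct horse battery staple', gen_salt('bf', 10)));

-- Login check: crypt() reads the algorithm, cost and salt back out of the
-- stored hash, re-hashes the attempt with them, and the results are compared.
-- No key exists anywhere, so nobody with source or table access can decrypt.
CREATE FUNCTION check_login(p_user text, p_attempt text) RETURNS boolean
LANGUAGE sql STABLE AS $$
    SELECT EXISTS (
        SELECT 1
        FROM app_user
        WHERE username = p_user
          AND password_hash = crypt(p_attempt, password_hash)
    );
$$;

-- An unknown user and a wrong password both yield false, so the caller
-- cannot tell from the result which of the two was incorrect.
SELECT check_login('alice', 'correct horse battery staple') AS right_password,
       check_login('alice', 'wrong guess')                  AS wrong_password,
       check_login('mallory', 'anything')                   AS unknown_user;

-- In application code, pass the attempt as a bind parameter ($1, $2) rather
-- than a literal, so the clear-text password does not end up in statement logs.
```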