| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | Iñigo Barandiaran <ibarandiaran(at)vicomtech(dot)org> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: field with Password |
| Date: | 2009-02-04 10:46:40 |
| Message-ID: | 49897210.6040709@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Iñigo Barandiaran wrote:
> Thanks for your answers. Sorry for the questions but I'm new to
> Postgre :)
>
> The problem with a plain text password is that a user can see it by
> looking at the user table.
> Both suggest to use MD5. How can i use it? Any link, example about
> this would be very appreciated.
md5 is a library function that converts a string to a 'hash', typically
32 bytes. so, when the user enters a password, you encode it with
md5() and compare it with the stored hash. the md5 hash is not
readily reversible (although brute force techniques can theoretically
come up with strings that will generate the same hash)
otoh, any table used to store security information probably should not
be directly viewable by the end user. application programming
techniques for ensuring application security go far beyond the charter
of this email list, however.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Rich | 2009-02-04 10:52:57 | Re: field with Password |
| Previous Message | Iñigo Barandiaran | 2009-02-04 10:36:33 | Re: field with Password |