| From: | "Josh Tolley" <eggyknap(at)gmail(dot)com> |
|---|---|
| To: | "G(dot) J(dot) Walsh" <gjwalsh(at)dscdirectionalservices(dot)com> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: client authentication - password encryption |
| Date: | 2007-11-08 14:15:42 |
| Message-ID: | e7e0a2570711080615u7326550foa932ceb4e9909e39@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Nov 7, 2007 3:05 PM, G. J. Walsh <gjwalsh(at)dscdirectionalservices(dot)com> wrote:
> In my application, a client will complete a fairly involved
> registration form containing more personal information than usual. The
> form content will be encrypted (https) and will contain the client's
> choice of password.
>
> Previously, under MySQL, I used 2-way encryption, inserting the user and
> password into the client table like so:
>
> $insert = "INSERT INTO client_table (protocol,tpwd) VALUES ('$protocol',
> AES_ENCRYPT('$tpwd','$salted'));
>
> This allowed me to decrypt the password when the inevitable happens and
> the testee loses his password. That gave me protection for the password,
> because administration of the tests involved will not require ssl -
> being nothing more than a tansfer of raw item responses.
>
> >From what I can see, AES_ENCRYPT seems to be closely hitched to MySQL.
> Can I not avail myself of this function in PostgreSQL?
>
> George
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings
>
Check out pg_crypto, in contrib. There's probably a contrib package
for whatever platform you're on.
- Josh/eggyknap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-11-08 15:28:36 | Re: Trigger function syntax |
| Previous Message | Nico Callewaert | 2007-11-08 08:48:15 | Trigger function syntax |