*Summary:* A new feature request to make password authentication and security easy for non-security-savvy users, in light of poor password security in production environments.
*Feature:*
1. Introduce a new SQL function called authenticate(<field>,<plaintext varchar password>) to authenticate a particular field.
2. Introduce a new SQL data type called Password which will take in plaintext password inputs and perform secure PBKDF2/BCRYPT/SCRYPT functions on the input to be later retrieved.

*Description:* The H2 database should support a new data type called Password which would automatically take parsed plaintext input and encode it into a securely hashed password string in the PBKDF2/BCRYPT/SCRYPT format.

Users can create a Password type by doing the following:

    create table users (user varchar primary key, hashedpass password);

From the above SQL statement, 'hashedpass' is of type Password.

If a user wants to run the authenticate() function on a particular field, say the 'hashedpass' field, they would issue the following command:

    authenticate(hashedpass,'th1sIsMyP@55w0rd');

The return result would be a boolean of True or False indicating whether the authentication of the hashed password is successful or not.

If the user wants to select 'hashedpass' to view the hashed password string instead of authenticating, the user may issue the following command:

    select hashedpass from users;

This will return a varchar string of the hashed password. The varchar string may be in Base64 encoded or Hexadecimal format, whichever is preferred. BCRYPT and SCRYPT usually return in the form of a Base64 encoded string in their own format.

To emulate a real world login SQL statement, the user may issue the following two commands:

    select hashedpass from users where user='myuser';
    authenticate(hashedpass,'password');

The authenticate function simply performs a hashed password function to match the password. The authenticate() function should not be bound to a primary key.

The choice of ciphers for performing the hashed password should be stored in the H2 properties and be configured via SQL statements.
Similarly, the number of rounds and complexity for the cipher parameters should be configured and be configurable as properties within H2 environment variables.
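
A sketch of the behaviour requested above, added here as an illustration; it is not H2 code and not code from the post. SQLite user-defined functions stand in for the proposed built-ins. Only authenticate() and the users table come from the post; the hash_password helper, the "pbkdf2-sha256$iterations$salt$hash" string layout and the iteration count are assumptions.

```python
import base64, hashlib, hmac, os, sqlite3

ITERATIONS = 100_000  # assumed example value; the post wants this configurable

def hash_password(plaintext, iterations=ITERATIONS, salt=None):
    """What the proposed Password type would do on insert (PBKDF2 variant)."""
    salt = salt or os.urandom(16)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    # Self-describing string, so old rows still verify after settings change.
    return f"pbkdf2-sha256${iterations}${b64(salt)}${b64(dk)}"

def authenticate(stored, plaintext):
    """Proposed authenticate(<field>, <plaintext>): 1 on match, else 0."""
    try:
        scheme, iters, salt_b64, dk_b64 = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return 0
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
        actual = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, int(iters))
    except (AttributeError, ValueError, TypeError):
        return 0  # NULL or malformed stored value never authenticates
    return int(hmac.compare_digest(actual, expected))  # constant-time compare

def open_db():
    """In-memory SQLite database with both functions registered for SQL use."""
    db = sqlite3.connect(":memory:")
    db.create_function("hash_password", 1, hash_password)
    db.create_function("authenticate", 2, authenticate)
    db.execute("create table users (user varchar primary key, hashedpass varchar)")
    return db

def login(db, user, plaintext):
    """The post's two login statements combined into one parameterized query."""
    row = db.execute(
        "select authenticate(hashedpass, ?) from users where user = ?", (plaintext, user)
    ).fetchone()
    return bool(row and row[0])

if __name__ == "__main__":
    db = open_db()
    db.execute("insert into users values (?, hash_password(?))", ("myuser", "th1sIsMyP@55w0rd"))
    print(login(db, "myuser", "th1sIsMyP@55w0rd"))  # True
    print(login(db, "myuser", "password"))          # False
```

Storing the algorithm name and iteration count inside each value is what lets the work factor be raised later without invalidating existing rows.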
