On 6/5/07, Tino Wildenhain <[EMAIL PROTECTED]> wrote:
Ranieri Mazili schrieb:
> Hello,
>
> I need to store users and passwords on a table and I want to store it
> encrypted, but I don't found documentation about it, how can I create a
> table with columns "user" and "password" with column "password"
> encrypted and how can I check if "user" and "password" are correct using
> a sql query ?
Passwords are usually not encrypted but hashed instead. A common hash
function is available in postgres w/o any additional extension:
md5()
The rule is, if two hashes compare equal, then the original data must
be equal (yes, there are chances for collisions, but practically very
low. See also sha1 and friends in the pgcrypto contrib module)
Regards
Tino
Remember, you would also want to add some sort of salt before you ran
the hash, otherwise your password list is vulnerable to a simple
brute-force attack.
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
