> -----Mensaje original----- > De: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] En nombre de Gary Chambers > Enviado el: Lunes, 01 de Septiembre de 2008 11:31 > Para: D'Arcy J.M. Cain > CC: [EMAIL PROTECTED]; pgsql-sql@postgresql.org > Asunto: Re: [SQL] MAY I HAVE YOUR ASSISTANCE > > >> I have one problem with the user table. I want to hide the > password for the users. > > Here's what I did, which requires using the contrib/pgcrypto > extension: > > CREATE FUNCTION encryptpw() RETURNS TRIGGER AS $encryptpw$ BEGIN > NEW.password = CRYPT(NEW.password, GEN_SALT('md5')); > RETURN NEW; > END; > $encryptpw$ > > CREATE TRIGGER trg_encryptpw BEFORE INSERT OR UPDATE ON > assignees FOR EACH ROW EXECUTE PROCEDURE encryptpw(); > > Comments, suggestions, criticisms? > > -- Gary Chambers >
The weakness of this solution is that your password might be send in the clear through the network as the encription ocurrs in the database. I suggest the encryption be enforced at the application or secure the connection with ssl. -- Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-sql
