Re: Password Encryption to replicate MySQL PASSWORD function

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi Luke,

I've just been playing with this myself (as you've seen). I'm no expert... so maybe somebody else can jump in if what I say is incorrect.

On Wednesday, January 22, 2003, at 02:00  PM, Luke Woollard wrote:

How is this easiily achieved in Postgresql? (as there is no 'PASSWORD'
function)

As far as I know there aren't any similar functions available in PostgreSQL. Additionally, I don't see anything wrong with sticking that logic on the application-side rather than in the database.

Of course, if you do your access-control on the application side, then you're vulnerable to faults in your PHP code potentially causing complete database compromise.

Is there any way to replicate this with PostgreSQL or a better way to
authenticate users with both databases (md5 or similar) ????

One of the reasons we've moved from MySQL to PostgreSQL was to provide more stringent security by using views and schemas. We decided that the safest method was to create real users in the PostgreSQL system user table, and then let Postgres worry about authenticating users. Then, even if your PHP code is flawed, the SQL commands still execute with only the users permissions.

This doesn't solve your original problem though. You still end up needing to do the md5 hashing in the application layer. I'm curious to know why you're opposed to this?

I'm keen to hear other peoples views on the cleanest way to authenticate users...

Cheers

Matthew.

--
Matthew Horoschun
Network Administrator
CanPrint Communications Pty. Ltd.

Mobile:		0417 282 378
Direct:		(02) 6295 4544
Telephone:	(02) 6295 4422
Facsimile: 	(02) 6295 4473



[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux