Hi Matthew + List, CAPS BELOW.. -----Original Message----- From: Matthew Horoschun [mailto:mhoroschun@xxxxxxxxxxxxxxx] Sent: Wednesday, 22 January 2003 2:49 PM To: Luke Woollard Cc: pgsql-php@xxxxxxxxxxxxxx; Farran Rebbeck Subject: Re: [PHP] Password Encryption to replicate MySQL PASSWORD function Hi Luke, I've just been playing with this myself (as you've seen). I'm no expert... ME EITHER. so maybe somebody else can jump in if what I say is incorrect. DITTO. On Wednesday, January 22, 2003, at 02:00 PM, Luke Woollard wrote: > How is this easiily achieved in Postgresql? (as there is no 'PASSWORD' > function) As far as I know there aren't any similar functions available in PostgreSQL. I HAVEN'T FOUND ANY EITHER. Additionally, I don't see anything wrong with sticking that logic on the application-side rather than in the database. FAIR ENOUGH. Of course, if you do your access-control on the application side, then you're vulnerable to faults in your PHP code potentially causing complete database compromise. YEP > Is there any way to replicate this with PostgreSQL or a better way to > authenticate users with both databases (md5 or similar) ???? One of the reasons we've moved from MySQL to PostgreSQL was to provide more stringent security by using views and schemas. We decided that the safest method was to create real users in the PostgreSQL system user table, and then let Postgres worry about authenticating users. Then, even if your PHP code is flawed, the SQL commands still execute with only the users permissions. INTERESTING This doesn't solve your original problem though. You still end up needing to do the md5 hashing in the application layer. I'm curious to know why you're opposed to this? NOT EXACTLY OPPOSED -> JUST WANT TO KEEP IT SIMPLE. THE LESS CODE TO MAINTAIN -> THE BETTER. WOULD RATHER RELY ON DATABASE SYSTEM TO PERFORM ENCRYPTION TECHNIQUE IF POSSIBLE.. I'm keen to hear other peoples views on the cleanest way to authenticate users... ME TOO. THERE'S A LIMITED AMOUNT OF QUALITY INFORMATION ON USING PHP WITH POSTGRESQL OUT THERE.. Cheers PEACE Matthew. LUKE -- Matthew Horoschun Network Administrator CanPrint Communications Pty. Ltd. Mobile: 0417 282 378 Direct: (02) 6295 4544 Telephone: (02) 6295 4422 Facsimile: (02) 6295 4473
