Search Postgresql Archives

Re: Password encryption method

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jan 19, 2007 at 09:31:49 +0100,
  Bertram Scharpf <lists@xxxxxxxxxxxxxxxxxx> wrote:
> Hi,
> 
> looking at the source code I find out that this works:
> 
>   sandbox=# create role joe login password 'verysecret';
>   CREATE ROLE
>   sandbox=# create function validate_user_8_1(text,text) returns boolean immutable language 'sql' as $$ select 'md5'||md5($2||$1) = rolpassword from pg_authid where rolname=$1; $$;
>   CREATE FUNCTION
>   sandbox=# select validate_user_8_1('joe','verysecret');
>    validate_user_8_1
>   -------------------
>    t
>   (1 Zeile)
> 
> May I rely on this in future versions or are there more
> sophisticated ways to do it?

I don't know that I would 'rely' on it, but it doesn't seem like something
that is likely to change any time soon. But I could see there being alternate
hash functions being used eventually.

It might make more sense to use your own table of users and hashed passwords
rather than postgres'. This would depend somewhat on the overlap of users who
are using your application and those who connect directly to the database.
If there isn't much overlap, having a separate table is probably better.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux