On 6/5/07, Tino Wildenhain <tino@xxxxxxxxxxxxx> wrote:
> Ranieri Mazili wrote:
> > Hello,
> >
> > I need to store users and passwords on a table and I want to store it
> > encrypted, but I haven't found documentation about it. How can I create a
> > table with columns "user" and "password" with column "password"
> > encrypted and how can I check if "user" and "password" are correct using
> > a sql query?
>
> Passwords are usually not encrypted but hashed instead. A common hash
> function is available in postgres w/o any additional extension: md5()
>
> The rule is, if two hashes compare equal, then the original data must be
> equal (yes, there are chances for collisions, but practically very low.
> See also sha1 and friends in the pgcrypto contrib module)
>
> Regards
> Tino

Remember, you would also want to add some sort of salt before you ran the hash, otherwise your password list is vulnerable to a simple brute-force attack.
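
One way to do what this thread asks for in SQL, as an added example that is not from any of the posters: a table holding salted password hashes and a query that checks a login. It substitutes crypt() and gen_salt() from the pgcrypto module mentioned above for md5() with a hand-made salt, and assumes PostgreSQL 9.1 or later (for CREATE EXTENSION); the table name, column names and sample values are constructed.

```sql
-- Added example: names and sample values are assumptions, not from the thread.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- "user" is a reserved word in PostgreSQL, so the column is called username.
CREATE TABLE app_user (
    username      text PRIMARY KEY,
    -- crypt() output: algorithm id, cost, salt and hash packed into one string
    password_hash text NOT NULL
);

-- Store. gen_salt() produces a fresh random salt on every call, so two users
-- with the same password still get different stored values. 'bf' selects
-- Blowfish-based bcrypt; 10 is the cost (work factor).
INSERT INTO app_user (username, password_hash)
VALUES ('alice', crypt('constructed-sample-password', gen_salt('bf', 10))),
       ('bob',   crypt('constructed-sample-password', gen_salt('bf', 10)));

-- Inspect: the two hashes differ although the passwords are identical,
-- which is the property an unsalted md5(password) column lacks.
SELECT username, password_hash FROM app_user ORDER BY username;

-- Check. Passing the stored value as the second argument makes crypt()
-- reuse the salt and cost embedded in it; the result equals the stored
-- value only when the candidate password matches.
-- A prepared statement keeps the candidate password out of the SQL text.
PREPARE check_login(text, text) AS
    SELECT EXISTS (
        SELECT 1
        FROM app_user
        WHERE username = $1
          AND password_hash = crypt($2, password_hash)
    ) AS login_ok;

EXECUTE check_login('alice', 'constructed-sample-password');
EXECUTE check_login('alice', 'wrong-guess');
EXECUTE check_login('nobody', 'constructed-sample-password');

DEALLOCATE check_login;
```

The plaintext password still travels to the server in the query parameters, so the connection should use SSL and statement logging should not record bind values.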