Thanks!
Ok. I've found http://256.com/sources/md5/ library. So the idea is to
define in the dataBase a Field of PlainText type. When I want to insert
a new user, I define a password, convert to MD5 hash with the library
and store it in the DataBase. Afterwards, any user check should get the
content of the DataBase of do the inverse process with the library. Is
it correct?
Thanks so much!!!!!!
Best,
Iñigo Barandiaran wrote:
Thanks for your answers. Sorry for the questions but I'm new to
Postgre :)
The problem with a plain text password is that a user can see it by
looking at the user table.
Both suggest to use MD5. How can i use it? Any link, example about
this would be very appreciated.
md5 is a library function that converts a string to a 'hash',
typically 32 bytes. so, when the user enters a password, you encode
it with md5() and compare it with the stored hash. the md5 hash is
not readily reversible (although brute force techniques can
theoretically come up with strings that will generate the same hash)
otoh, any table used to store security information probably should not
be directly viewable by the end user. application programming
techniques for ensuring application security go far beyond the charter
of this email list, however.
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
