Re: password encryption

Never mind what I just said.  I see the issue of encrypting before being
sent over the wire.  We do that for PostgreSQL password, but if you want
to do it for a value before it is sent over the wire, you can use an SSL
connection to the database, or some client-side encryption.

---------------------------------------------------------------------------

Klaus Sonnenleiter wrote:
> To protect your passwords effectively, you probably want them encrypted before
> they go on the wire, so you will need to put the encryption capability in the
> application, not in the database. This way you will only transmit and store
> encrypted data. Take a look at cryptix.org for some pretty good Java and Perl
> implementations.
>
> On Wednesday 21 August 2002 05:36, Tim Ellis wrote:
> > > i like to store passwords for a webapplication in my postgre database.
> > >
> > > now i'm searching for a way to encrypt the passwords, something like the
> > > function password() for mysql.
> >
> > I always run my passwords through md5sum(), which is an open source
> > implementation, and thus seems to've been written in every language out
> > there.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073