Re: md5 hashing of user passwords
| От | Bruce Momjian |
|---|---|
| Тема | Re: md5 hashing of user passwords |
| Дата | |
| Msg-id | 200803250146.m2P1kfZ03399@momjian.us обсуждение исходный текст |
| Ответ на | md5 hashing of user passwords ("G. J. Walsh" <gjwalsh@dscdirectionalservices.com>) |
| Список | pgsql-novice |
We add the username to the md5 hash. See the libpq code for an example, PQencryptPassword(). --------------------------------------------------------------------------- G. J. Walsh wrote: > At registration, a user's password is encrypted by php's md5 and stored > in a client login table. > > On login, the client's password as provided in a login form, is run > through md5 hashing and submitted to the server for authentication. > Pretty standard stuff! > > BUT authentication always fails. > > To get a grip on this, I set up a record with a specific password. For > some reason I cannot understand, the md5 hash written into postgresql > does not correspond with the echoing back of the hash at login attempts. > > In both instances, the hashing is consistent. > > The login is performed under ssl. Changing it to run under http makes no > difference - the hashing remains the same. > > The data base provides a character varying(32) column for the hashed > password. > > Can someone help me out of this morass??? > > Much appreciated! > > -- > Sent via pgsql-novice mailing list (pgsql-novice@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-novice -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://postgres.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
В списке pgsql-novice по дате отправления: