Re: password function for PostgreSQL
| От | Joel Burton |
|---|---|
| Тема | Re: password function for PostgreSQL |
| Дата | |
| Msg-id | Pine.LNX.4.30.0110141925510.9304-100000@temp.joelburton.com обсуждение исходный текст |
| Ответ на | password function for PostgreSQL (hodges@xprt.net) |
| Список | pgsql-novice |
On Sun, 14 Oct 2001 hodges@xprt.net wrote: > Looking for a postgresql function similar to the password function in > MySQL. In MySQL putting --password($password)-- in an insert query > encrypts the value of $password that is stored in the table. You can > use password($password) to compare a password entered by a user in a > later query with the stored value of $password. > > This is not a password for a user registered in pg_shadow, rather it > is to limit someone going in through a public web interface to only > those records in a table that are associated with a certain login and > password combination. > > The web interface is written with PHP so I may have to simply encrypt > the password with a PHP function before storing or comparing it. > > Tom > Tom Hodges, hodges@xprt.net or tom_hodges@yahoo.com Tom -- Three possibilities, one straightforward and current, one better, and one cool and bleeding edge: (1) the function crypt(text, text) can be used like the MySQL function password(). You would use this like: SELECT COUNT(*) FROM tblUser WHERE username='...' AND password=CRPYT(<password>, <salt>) crypt() takes two parameters--string to encrypt and salt. 'man 3 salt' on a Unix box will give you the full story. (2) crypt uses the crypt() algorithm, which is cryptographically weak. PG can use stronger algorithms. Look in the contrib/ directory for pgcrypto, which will let you use algorithms like md5, etc. (RPM users: install the PostgreSQL-contribs RPM). (3) (perhaps even better): you can use the new field type "chkpass", which stores a hash of a password, which you can compare against. This has the advantage that you don't have to call the CRYPT() or md5() functions; instead you can do a normal comparison, like: SELECT COUNT(*) FROM tblUser WHERE username='...' AND password='...' and it will handle the crypting/unencrpying for you. This is a new type, in the contribs/ directory of the 7.2devel version. Good luck w/your web app, and HTH. -- Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant
В списке pgsql-novice по дате отправления: