Re: client authentication - password encryption

On Nov 7, 2007 3:05 PM, G. J. Walsh <gjwalsh@dscdirectionalservices.com> wrote:
> In my application, a client will complete a  fairly involved
> registration form containing more personal information than usual. The
> form content will be encrypted (https) and will contain the client's
> choice of password.
>
> Previously, under MySQL, I used 2-way encryption, inserting the user and
> password into the client table like so:
>
> $insert = "INSERT INTO client_table (protocol,tpwd) VALUES ('$protocol',
> AES_ENCRYPT('$tpwd','$salted'));
>
> This allowed me to decrypt the password when the inevitable happens and
> the testee loses his password. That gave me protection for the password,
> because administration of the tests involved will not require ssl -
> being nothing more than a tansfer of raw item responses.
>
> >From what I can see, AES_ENCRYPT seems to be closely hitched to MySQL.
> Can I not avail myself of this function in PostgreSQL?
>
> George
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings
>

Check out pg_crypto, in contrib. There's probably a contrib package
for whatever platform you're on.

- Josh/eggyknap