Re: Can a user change their own password?

On Mon, 2 Feb 2004 14:24:02 +0000 (GMT), Francisco Reyes
<lists@natserv.com> wrote:

> Is this for a program you are writing?
> If so the most common way I see authentication implemented is to have a
> table with user/password, but only one user ID connect to the database.

...

> If you give more details about what you are trying to do perhaps we can
> be
> more usefull.

We will have a web-based application where users will login over the
internet. They will receive their user name and password by email. When
they first login, they will be required to change the password before they
can start using the application. The users will have the capability to
change their password any time after this initial password change. Since
this application will store and retrieve data from the database, I was
thinking I could use postgreses user name and password facilities
especially the encrypted passwords. But what I couldn'y find was how to
allow a user to only change their password in the postgresql database.

If I used a table to store the passwords, would you encypt the passwords.