> >> I would like to create a new table where one of the field would be a > >> user password. Is there any data type for supporting this > >> functionality? Something like Password DataType. I've taken a look > of > >> the available data types in PgAdmin Application and there is nothing > >> similar to this. > > > > most commonly, passwords are stored as hashes, such as md5, rather > > than plaintext. 'text' would be as suitable for this as anything, > > or bytea, if you want to store the hashes in binary. > > > Thanks for your answers. Sorry for the questions but I'm new to Postgre > :) > > The problem with a plain text password is that a user can see it by > looking at the user table. > Both suggest to use MD5. How can i use it? Any link, example about this > would be very appreciated.
Insert new users like this: insert into myusers (usernm, passwd) values ($user, MD5($pass)); So the paintext password is not stored. But you should still restrict access to this table. Revoke rights to regular users. When a user logs in, check for their access like this: select * from myusers where usernm=$user and passwd=MD5($pass); The hash of a particular password is always the same. To make this scheme more secure, you should add a salt before hashing. (You can find how to do this via google). -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
