* Thomas Hallgren <[EMAIL PROTECTED]> [2004-10-14 17:27:20 +0200]: > I'm connected to a database and I want to verify that a username and > password for some user is correct. I know I can verify a users existence > by doing: > > select exists(select * from pg_user where usename = $1)
You can get at the md5 hashed passwords in the pg_shadow table provided your user has the requisite permission. There may be something out there already that does this for you, but this is how the function/query might look if you went the Brute Force (tm) route. CREATE FUNCTION check_passwd(text,text) RETURNS boolean AS 'SELECT CASE WHEN passwd = md5($2) THEN true ELSE false END FROM pg_shadow WHERE usename = $1;' LANGUAGE sql; -- Steven Klassen - Lead Programmer Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Replication & Support Services, (503) 667-4564 ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
