Maybe a little example
- create a table with two columns: username and password (eg. tbl_users)
- in a secure environment (thus not over the internet) insert records into the
table
INSERT INTO tbl_users(username, password) VALUES ('John',
md5('johnspassword'))
- make a website with a login page (= a form with two fields: frm_username and
frm_password)
- let a javascript md5 function hash the password before sending the form field
values to the webserver
that way the password doensn't go over the internet in an unprotected way
- let your webserver (eg with php) compare the received password (= hashed)
with the one in tbl_users
select count(*) from tbl_users where username = [value from frm_username] and
password = [value from frm_password]
if the password is ok then count will be 1
- the user has been authenticated and can go on
now you can start a session in your website, etc etc
if count was 0 you should resent the login form with a notice "wrong password"
>>> John DeSoi <[EMAIL PROTECTED]> 2007-03-01 14:25 >>>
MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
