Re: Table design for basic user management

Поиск
Список
Период
Сортировка
От Jasen Betts
Тема Re: Table design for basic user management
Дата
Msg-id hdbehg$o46$1@reversiblemaps.ath.cx
обсуждение исходный текст
Ответ на Table design for basic user management  (Thomas Løcke <thomas.granvej6@gmail.com>)
Список pgsql-novice
On 2009-11-08, Michael Wood <esiotrot@gmail.com> wrote:
> 2009/11/7 Jasen Betts <jasen@xnet.co.nz>:
>> On 2009-11-06, Thomas Løcke <thomas.granvej6@gmail.com> wrote:
> [...]
>>> I've come up with an initial design for this database:
>>> http://pastebin.com/f5255453e
> [...]
>> CREATE TABLE log (
>>    userid integer PRIMARY KEY REFERENCES REFERENCES user(id) ON DELETE CASCADE,
>>    registered timestamp  DEFAULT now() NOT NULL,
>>    lastvisit  timestamp  NOT NULL,
>>    visits integer DEFAULT 0 NOT NULL
>> );
>>
>> then you can log-in with a single query,
>>
>> update user set lastvisit=default where username='fred' and
>> password=md5('salt'||'password') returning id;
> [...]
>
> I agree with using a salt, but you appear to be advocating a fixed
> salt for everyone?

it's better than nothing, but you're right a variable salt is even
better.

with no salt at all you can sometimes google the MD5 to "decrypt" it!

> Normally the salt is stored along with the
> password hash, so you'd need one query to retrieve the salt and
> another query to calculate the hash and compare it to the stored hash.


В списке pgsql-novice по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Reading a file on Windows with psql
Следующее
От: Rikard Bosnjakovic
Дата:
Сообщение: Pros / cons for indexing a small table