Thread: Storing passwords

Storing passwords

From
"Campano, Troy"
Date:

Is there a PostgreSQL function that allows you to store passwords, but it encrypts them?
If not, are there any recommendations for storing passwords?

thank you!

~ Troy Campano ~

Re: Storing passwords

From
Christoph Dalitz
Date:
Date: Fri, 27 Dec 2002 10:01:30 -0500
From: "Campano, Troy" <Troy.Campano@LibertyMutual.com>
>
> Is there a PostgreSQL function that allows you to store passwords, but it encrypts them?
> If not, are there any recommendations for storing passwords?
>
The easiest solution would be a stored procedure written in C that simply
calls the crypt() function (for details: "man crypt"). In that case you will
also need to store the "salt" with the encrypted password.

Even if you have not yet written any stored procedure, it should be done
in less than two hours. See the documentation on "server side programming" for details.

Hope this helps,

Christoph Dalitz

Re: Storing passwords

From
Bruce Momjian
Date:
Christoph Dalitz wrote:
> Date: Fri, 27 Dec 2002 10:01:30 -0500
> From: "Campano, Troy" <Troy.Campano@LibertyMutual.com>
> >
> > Is there a PostgreSQL function that allows you to store passwords, but it encrypts them?
> > If not, are there any recommendations for storing passwords?
> >
> The easiest solution would be a stored procedure written in C that simply
> calls the crypt() function (for details: "man crypt"). In that case you will
> also need to store the "salt" with the encrypted password.
>
> Even if you have not yet written any stored procedure, it should be done
> in less than two hours. See the documentation on "server side programming" for details.

Also, see /contrib/pgcrypto for encryption routines.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Re: Storing passwords

From
Bruce Momjian
Date:
In fact, there is a PostgreSQL FAQ item about encryption.

---------------------------------------------------------------------------

Bruce Momjian wrote:
> Christoph Dalitz wrote:
> > Date: Fri, 27 Dec 2002 10:01:30 -0500
> > From: "Campano, Troy" <Troy.Campano@LibertyMutual.com>
> > >
> > > Is there a PostgreSQL function that allows you to store passwords, but it encrypts them?
> > > If not, are there any recommendations for storing passwords?
> > >
> > The easiest solution would be a stored procedure written in C that simply
> > calls the crypt() function (for details: "man crypt"). In that case you will
> > also need to store the "salt" with the encrypted password.
> >
> > Even if you have not yet written any stored procedure, it should be done
> > in less than two hours. See the documentation on "server side programming" for details.
>
> Also, see /contrib/pgcrypto for encryption routines.
>
> --
>   Bruce Momjian                        |  http://candle.pha.pa.us
>   pgman@candle.pha.pa.us               |  (610) 359-1001
>   +  If your life is a hard drive,     |  13 Roberts Road
>   +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

question

From
Date:
OK, I want my database to be safe.
So why, if I put this command in the prompt as a regular user

zurron@gpsis:~$ /usr/local/pgsql/bin/psql -d colegio -U postgres

I get this:

Welcome to psql, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help on internal slash commands
       \g or terminate with semicolon to execute query
       \q to quit

colegio=#

and here I can do whatever I want.
What must I do to fix it?


colegio=# SELECT version();
                            version
---------------------------------------------------------------
 PostgreSQL 7.2.1 on i686-pc-linux-gnu, compiled by GCC 2.95.3
(1 row)


and

test_ip=# select version();
                                                 version
---------------------------------------------------------------------------------------------------------
 PostgreSQL 7.2.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.2 20020903 (Red Hat Linux 8.0 3.2-7)
(1 row)

test_ip=#



thanks.

Fabian


Re: question

From
Bruno Wolff III
Date:
On Fri, Dec 27, 2002 at 20:39:50 +0100,
  zurron@vesta.tmf.bg.ac.yu wrote:
>
> OK, I want my database to be safe.
> So why, if I put this command in the prompt as a regular user
>
> zurron@gpsis:~$ /usr/local/pgsql/bin/psql -d colegio -U postgres

Probably you don't want to use 'trust' as the authentication method.

Re: question

From
"Joshua D. Drake"
Date:
Hello,

   You need to edit your pg_hba.conf file and make it so local (and
remote) connections use the auth method of MD5.

   Then when you create (or alter) a user you want to use the WITH
ENCRYPTED PASSWORD '<password>' option.

   That way you will have an MD5 hash as the password, and it will always
ask you for a password (even when using psql).

Sincerely,

Joshua Drake


Bruno Wolff III wrote:
> On Fri, Dec 27, 2002 at 20:39:50 +0100,
>   zurron@vesta.tmf.bg.ac.yu wrote:
>
>>OK, I want my database to be safe.
>>So why, if I put this command in the prompt as a regular user
>>
>>zurron@gpsis:~$ /usr/local/pgsql/bin/psql -d colegio -U postgres
>
>
> Probably you don't want to use 'trust' as the authentication method.

--
<COMPANY>CommandPrompt    - http://www.commandprompt.com    </COMPANY>
<CONTACT>       <PHONE>+1.503.222-2783</PHONE>          </CONTACT>
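
A check for the condition described in the replies above, as an added example that is not code from this thread: it scans pg_hba.conf text and reports every rule whose authentication method is `trust`. The sample file is constructed, it uses the current column layout (with a USER column), and the parser assumes no quoted fields or include directives.

```python
import ipaddress

# Constructed sample; not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       postgres                  trust
local   all       all                       md5
host    all       all       127.0.0.1/32    trust
host    colegio   all       192.168.1.0  255.255.255.0  md5
hostssl all       all       0.0.0.0/0       md5
"""


def _is_bare_ip(token):
    """True for an address written without a /prefix length."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Yield (line_no, conn_type, database, user, address, method)."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not fields:
            continue
        if fields[0] == "local":
            address, method_idx = None, 3        # socket rules have no address
        else:
            # A bare IP is followed by a separate netmask column.
            method_idx = 5 if len(fields) > 4 and _is_bare_ip(fields[3]) else 4
            address = " ".join(fields[3:method_idx])
        if len(fields) <= method_idx:
            raise ValueError(f"line {line_no}: no auth method found")
        yield (line_no, fields[0], fields[1], fields[2], address, fields[method_idx])


def find_trust_rules(text):
    """Return the rules that let a client connect without any credential."""
    return [rule for rule in parse_hba(text) if rule[5] == "trust"]


if __name__ == "__main__":
    for line_no, conn_type, db, user, address, _ in find_trust_rules(SAMPLE_HBA):
        print(f"line {line_no}: {conn_type} db={db} user={user} addr={address} uses trust")
```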