Обсуждение: How to store a password encripted in a user defined table
Hello, I wonder if somebody knows how to store passwords in a column that is part of a user defined table.
I've been searching and reading the documentation, but I can't find what I'm looking for. I just get password subjects related to client's connections to the database.
Thanks in advanced for any help you can provide.
Do You Yahoo!? La mejor conexión a Internet y 2GB extra a tu correo por $100 al mes. http://net.yahoo.com.mx
On 3/1/07, Eugenio Flores <eflores767003@yahoo.com.mx> wrote: > Hello, I wonder if somebody knows how to store passwords in a > column that is part of a user defined table. Assuming that your passwords are application specific use a sha1 or md5 algorithm (depending on how sensitive your data is) and store that in a varchar or char field. When the user authenticates the password gets hashed in the app and compared against the stored hash. Cheers, Andrej
Thanks Andrej. But how can I use such algoritms in postgresql? arey they defined in a function that I can call?
Or, do I have to code one of those algorithm to use it in my application?
----- Mensaje original ----
De: Andrej Ricnik-Bay <andrej.groups@gmail.com>
Para: Eugenio Flores <eflores767003@yahoo.com.mx>; PostgreSQL <pgsql-sql@postgresql.org>
Enviado: jueves, 1 de marzo, 2007 0:21:06
Asunto: Re: [SQL] How to store a password encripted in a user defined table
De: Andrej Ricnik-Bay <andrej.groups@gmail.com>
Para: Eugenio Flores <eflores767003@yahoo.com.mx>; PostgreSQL <pgsql-sql@postgresql.org>
Enviado: jueves, 1 de marzo, 2007 0:21:06
Asunto: Re: [SQL] How to store a password encripted in a user defined table
On 3/1/07, Eugenio Flores <eflores767003@yahoo.com.mx> wrote:
> Hello, I wonder if somebody knows how to store passwords in a
> column that is part of a user defined table.
Assuming that your passwords are application specific use
a sha1 or md5 algorithm (depending on how sensitive your data is)
and store that in a varchar or char field. When the user authenticates
the password gets hashed in the app and compared against the
stored hash.
Cheers,
Andrej
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
> Hello, I wonder if somebody knows how to store passwords in a
> column that is part of a user defined table.
Assuming that your passwords are application specific use
a sha1 or md5 algorithm (depending on how sensitive your data is)
and store that in a varchar or char field. When the user authenticates
the password gets hashed in the app and compared against the
stored hash.
Cheers,
Andrej
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Do You Yahoo!? La mejor conexión a Internet y 2GB extra a tu correo por $100 al mes. http://net.yahoo.com.mx
Andrej Ricnik-Bay wrote: > On 3/1/07, Eugenio Flores <eflores767003@yahoo.com.mx> wrote: >> Hello, I wonder if somebody knows how to store passwords in a >> column that is part of a user defined table. > Assuming that your passwords are application specific use > a sha1 or md5 algorithm (depending on how sensitive your data is) > and store that in a varchar or char field. When the user authenticates > the password gets hashed in the app and compared against the > stored hash. > If you want the server to take care of it look at pgcrypto - you will find it in the contrib folder of the source distro. This doesn't give you an encrypted data type (but you could set that up if you wish) it will give you functions that you can use. Of course that would mean they get sent through the client connection as clear text unless you are using an SSL client connection. -- Shane Ambler pgSQL@Sheeky.Biz Get Sheeky @ http://Sheeky.Biz
MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
Maybe a little example
- create a table with two columns: username and password (eg. tbl_users)
- in a secure environment (thus not over the internet) insert records into the table
INSERT INTO tbl_users(username, password) VALUES ('John', md5('johnspassword'))
- make a website with a login page (= a form with two fields: frm_username and frm_password)
- let a javascript md5 function hash the password before sending the form field values to the webserver
that way the password doensn't go over the internet in an unprotected way
- let your webserver (eg with php) compare the received password (= hashed) with the one in tbl_users
select count(*) from tbl_users where username = [value from frm_username] and password = [value from frm_password]
if the password is ok then count will be 1
- the user has been authenticated and can go on
- the user has been authenticated and can go on
now you can start a session in your website, etc etc
if count was 0 you should resent the login form with a notice "wrong password"
>>> John DeSoi <desoi@pgedit.com> 2007-03-01 14:25 >>>
MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
if count was 0 you should resent the login form with a notice "wrong password"
>>> John DeSoi <desoi@pgedit.com> 2007-03-01 14:25 >>>
MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Re: How to store a password encripted in a user defined table
От
"Ezequias Rodrigues da Rocha"
Дата:
John,
That was what I was looking for for a long time.
Now I will change my teller password account to md5.
Could someone suggest me how to change all passwords (PLAIN) to md5 ?
My real best regards
Ezequias
2007/3/1, John DeSoi <desoi@pgedit.com>:
> MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> hash passwords. For example:
>
> select md5('this is my password');
>
> md5
> ----------------------------------
> 210d53992dff432ec1b1a9698af9da16
> (1 row)
>
>
>
> On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
>
> > Thanks Andrej. But how can I use such algoritms in postgresql? arey
> > they defined in a function that I can call?
> >
> > Or, do I have to code one of those algorithm to use it in my
> > application?
>
>
>
> John DeSoi, Ph.D.
> http://pgedit.com/
> Power Tools for PostgreSQL
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
> choose an index scan if your joining column's datatypes do not
> match
>
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Atenciosamente
(Sincerely) Ezequias Rodrigues da
Rocha=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
update yourtable set passwordfield = md5(passwordfield)
watch out: md5 is irreversable! you can't "un_md5"
>>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01 15:08 >>>
John,
That was what I was looking for for a long time.
Now I will change my teller password account to md5.
Could someone suggest me how to change all passwords (PLAIN) to md5 ?
My real best regards
Ezequias
2007/3/1, John DeSoi <desoi@pgedit.com>:
> MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> hash passwords. For example:
>
> select md5('this is my password');
>
> md5
> ----------------------------------
> 210d53992dff432ec1b1a9698af9da16
> (1 row)
>
>
>
> On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
>
> > Thanks Andrej. But how can I use such algoritms in postgresql? arey
> > they defined in a function that I can call?
> >
> > Or, do I have to code one of those algorithm to use it in my
> > application?
>
>
>
> John DeSoi, Ph.D.
> http://pgedit.com/
> Power Tools for PostgreSQL
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
> choose an index scan if your joining column's datatypes do not
> match
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Atencio samente (Sincerely)
Ezequias Rodrigues da Rocha
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
>>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01 15:08 >>>
John,
That was what I was looking for for a long time.
Now I will change my teller password account to md5.
Could someone suggest me how to change all passwords (PLAIN) to md5 ?
My real best regards
Ezequias
2007/3/1, John DeSoi <desoi@pgedit.com>:
> MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> hash passwords. For example:
>
> select md5('this is my password');
>
> md5
> ----------------------------------
> 210d53992dff432ec1b1a9698af9da16
> (1 row)
>
>
>
> On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
>
> > Thanks Andrej. But how can I use such algoritms in postgresql? arey
> > they defined in a function that I can call?
> >
> > Or, do I have to code one of those algorithm to use it in my
> > application?
>
>
>
> John DeSoi, Ph.D.
> http://pgedit.com/
> Power Tools for PostgreSQL
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
> choose an index scan if your joining column's datatypes do not
> match
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Atencio samente (Sincerely)
Ezequias Rodrigues da Rocha
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
I know it. Thank you so much.
Ezequias
Grettings from Brazil.
2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
>
>
> update yourtable set passwordfield = md5(passwordfield)
>
> watch out: md5 is irreversable! you can't "un_md5"
>
>
> >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
> 15:08 >>>
>
> John,
>
> That was what I was looking for for a long time.
>
> Now I will change my teller password account to md5.
>
> Could someone suggest me how to change all passwords (PLAIN) to md5 ?
>
> My real best regards
> Ezequias
>
> 2007/3/1, John DeSoi <desoi@pgedit.com>:
> > MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> > hash passwords. For example:
> >
> > select md5('this is my password');
> >
> > md5
> > ----------------------------------
> > 210d53992dff432ec1b1a9698af9da16
> > (1 row)
> >
> >
> >
> > On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> >
> > > Thanks Andrej. But how can I use such algoritms in postgresql? arey
> > > they defined in a function that I can call?
> > >
> > > Or, do I have to code one of those algorithm to use it in my
> > > application?
> >
> >
> >
> > John DeSoi, Ph.D.
> > http://pgedit.com/
> > Power Tools for PostgreSQL
> >
> >
> > ---------------------------(end of
> broadcast)---------------------------
> > TIP 9: In versions below 8.0, the planner will ignore your desire to
> > choose an index scan if your joining column's datatypes do not
> > match
> >
Just another thing.
Why md5 function return a different string from user role of postgresql ?
It allways put an md5 string concated with another sequence of string.
Why does it occurs ?
Ezequias
2007/3/1, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:
> I know it. Thank you so much.
>
> Ezequias
> Grettings from Brazil.
>
> 2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
> >
> >
> > update yourtable set passwordfield = md5(passwordfield)
> >
> > watch out: md5 is irreversable! you can't "un_md5"
> >
> >
> > >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
> > 15:08 >>>
> >
> > John,
> >
> > That was what I was looking for for a long time.
> >
> > Now I will change my teller password account to md5.
> >
> > Could someone suggest me how to change all passwords (PLAIN) to md5 ?
> >
> > My real best regards
> > Ezequias
> >
> > 2007/3/1, John DeSoi <desoi@pgedit.com>:
> > > MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> > > hash passwords. For example:
> > >
> > > select md5('this is my password');
> > >
> > > md5
> > > ----------------------------------
> > > 210d53992dff432ec1b1a9698af9da16
> > > (1 row)
> > >
> > >
> > >
> > > On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> > >
> > > > Thanks Andrej. But how can I use such algoritms in postgresql? arey
> > > > they defined in a function that I can call?
> > > >
> > > > Or, do I have to code one of those algorithm to use it in my
> > > > application?
> > >
> > >
> > >
> > > John DeSoi, Ph.D.
> > > http://pgedit.com/
> > > Power Tools for PostgreSQL
> > >
> > >
> > > ---------------------------(end of
> > broadcast)---------------------------
> > > TIP 9: In versions below 8.0, the planner will ignore your desire to
> > > choose an index scan if your joining column's datatypes do not
> > > match
> > >
>
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Atenciosamente
(Sincerely) Ezequias Rodrigues da
Rocha=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
It doesn't do that for me. I've tried it on three different databases (of two different versions) as three different users and the result is always the same (as it should be):
select USER, md5('password')
current_user md5
bigdbuser 5f4dcc3b5aa765d61d8327deb882cf99
bigdbuser 5f4dcc3b5aa765d61d8327deb882cf99
current_user md5
bigdbsys 5f4dcc3b5aa765d61d8327deb882cf99
bigdbsys 5f4dcc3b5aa765d61d8327deb882cf99
current_user md5
logstocksys 5f4dcc3b5aa765d61d8327deb882cf99
logstocksys 5f4dcc3b5aa765d61d8327deb882cf99
Show us some statements.
>>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01 16:02 >>>
Just another thing.
Why md5 function return a different string from user role of postgresql ?
It allways put an md5 string concated with another sequence of string.
Why does it occurs ?
Ezequias
2007/3/1, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:
> I know it. Thank you so much.
>
> Ezequias
> Grettings from Brazil.
>
> 2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
> >
> >
> > update yourtable set passwordfield = md5(passwordfield)
> >
> > watch out: md5 is irreversable! you can't "un_md5"
> >
> >
> > >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
> > 15:08 >>>
> >
> > John,
> >
> > That was what I was lo oking for for a long time.
> >
> > Now I will change my teller password account to md5.
> >
> > Could someone suggest me how to change all passwords (PLAIN) to md5 ?
> >
> > My real best regards
> > Ezequias
> >
> > 2007/3/1, John DeSoi <desoi@pgedit.com>:
> > > MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> > > hash passwords. For example:
> > >
> > > select md5('this is my password');
> > >
> > > md5
> > > ----------------------------------
> > > 210d53992dff432ec1b1a9698af9da16
> > > (1 row)
> > >
> > >
> > >
> > > On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> > >
> > > > Thanks Andre j. But how can I use such algoritms in postgresql? arey
> > > > they defined in a function that I can call?
> > > >
> > > > Or, do I have to code one of those algorithm to use it in my
> > > > application?
> > >
> > >
> > >
> > > John DeSoi, Ph.D.
> > > http://pgedit.com/
> > > Power Tools for PostgreSQL
> > >
> > >
> > > ---------------------------(end of
> > broadcast)---------------------------
> > > TIP 9: In versions below 8.0, the planner will ignore your desire to
> > > choose an index scan if your joining column's datatypes do not
> > > match
> > >
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=
Atenciosamente (Sincerely)
Ezequias Rodrigues da Rocha
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
Just another thing.
Why md5 function return a different string from user role of postgresql ?
It allways put an md5 string concated with another sequence of string.
Why does it occurs ?
Ezequias
2007/3/1, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:
> I know it. Thank you so much.
>
> Ezequias
> Grettings from Brazil.
>
> 2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
> >
> >
> > update yourtable set passwordfield = md5(passwordfield)
> >
> > watch out: md5 is irreversable! you can't "un_md5"
> >
> >
> > >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
> > 15:08 >>>
> >
> > John,
> >
> > That was what I was lo oking for for a long time.
> >
> > Now I will change my teller password account to md5.
> >
> > Could someone suggest me how to change all passwords (PLAIN) to md5 ?
> >
> > My real best regards
> > Ezequias
> >
> > 2007/3/1, John DeSoi <desoi@pgedit.com>:
> > > MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> > > hash passwords. For example:
> > >
> > > select md5('this is my password');
> > >
> > > md5
> > > ----------------------------------
> > > 210d53992dff432ec1b1a9698af9da16
> > > (1 row)
> > >
> > >
> > >
> > > On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> > >
> > > > Thanks Andre j. But how can I use such algoritms in postgresql? arey
> > > > they defined in a function that I can call?
> > > >
> > > > Or, do I have to code one of those algorithm to use it in my
> > > > application?
> > >
> > >
> > >
> > > John DeSoi, Ph.D.
> > > http://pgedit.com/
> > > Power Tools for PostgreSQL
> > >
> > >
> > > ---------------------------(end of
> > broadcast)---------------------------
> > > TIP 9: In versions below 8.0, the planner will ignore your desire to
> > > choose an index scan if your joining column's datatypes do not
> > > match
> > >
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- =-=-=-=
Atenciosamente (Sincerely)
Ezequias Rodrigues da Rocha
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
I am just passing the database owner password (postgresql
autentication) to the statement:
Select md5('the password I have in my mind') and compare with the
password pgAdmin3 shows me.
They are completely different.
Ezequias
2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
>
>
> It doesn't do that for me. I've tried it on three different databases (of
> two different versions) as three different users and the result is always
> the same (as it should be):
>
> select USER, md5('password')
>
> current_user md5
> bigdbuser 5f4dcc3b5aa765d61d8327deb882cf99
>
> current_user md5
> bigdbsys 5f4dcc3b5aa765d61d8327deb882cf99
>
>
> current_user md5
> logstocksys 5f4dcc3b5aa765d61d8327deb882cf99
>
> Show us some statements.
>
>
> >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
> 16:02 >>>
>
> Just another thing.
>
> Why md5 function return a different string from user role of postgresql ?
>
> It allways put an md5 string concated with another sequence of string.
>
> Why does it occurs ?
> Ezequias
>
> 2007/3/1, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:
> > I know it. Thank you so much.
> >
> > Ezequias
> > Grettings from Brazil.
> >
> > 2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
> > >
> > >
> > > update yourtable set passwordfield = md5(passwordfield)
> > >
> > > watch out: md5 is irreversable! you can't "un_md5"
> > >
> > >
> > > >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
> > > 15:08 >>>
> > >
> > > John,
> > >
> > > That was what I was looking for for a long time.
> > >
> > > Now I will change my teller password account to md5.
> > >
> > > Could someone suggest me how to change all passwords (PLAIN) to md5 ?
> > >
> > > My real best regards
> > > Ezequias
> > >
> > > 2007/3/1, John DeSoi <desoi@pgedit.com>:
> > > > MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
> > > > hash passwords. For example:
> > > >
> > > > select md5('this is my password');
> > > >
> > > > md5
> > > > ----------------------------------
> > > > 210d53992dff432ec1b1a9698af9da16
> > > > (1 row)
> > > >
> > > >
> > > >
> > > > On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> > > >
> > > > > Thanks Andrej. But how can I use such algoritms in postgresql? arey
> > > > > they defined in a function that I can call?
> > > > >
> > > > > Or, do I have to code one of those algorithm to use it in my
> > > > > application?
> > > >
> > > >
> > > >
> > > > John DeSoi, Ph.D.
> > > > http://pgedit.com/
> > > > Power Tools for PostgreSQL
> > > >
> > > >
> > > > ---------------------------(end of
> > > broadcast)---------------------------
> > > > TIP 9: In versions below 8.0, the planner will ignore your desire to
> > > > choose an index scan if your joining column's datatypes do not
> > > > match
> > > >
> >
>
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Atenciosamente
> (Sincerely)
> Ezequias Rodrigues da Rocha
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> A pior das democracias ainda é melhor do que a melhor das ditaduras
> The worst of democracies is still better than the better of dictatorships
> http://ezequiasrocha.blogspot.com/
>
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Atenciosamente
(Sincerely) Ezequias Rodrigues da
Rocha=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
Ezequias Rodrigues da Rocha wrote:
> I am just passing the database owner password (postgresql
> autentication) to the statement:
>
> Select md5('the password I have in my mind') and compare with the
> password pgAdmin3 shows me.
>
> They are completely different.
Try SELECT 'md5'||md5('the password I have in my mind'||'userlogin');
> Ezequias
>
> 2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
>>
>>
>> It doesn't do that for me. I've tried it on three different databases (of
>> two different versions) as three different users and the result is always
>> the same (as it should be):
>>
>> select USER, md5('password')
>>
>> current_user md5
>> bigdbuser 5f4dcc3b5aa765d61d8327deb882cf99
>>
>> current_user md5
>> bigdbsys 5f4dcc3b5aa765d61d8327deb882cf99
>>
>>
>> current_user md5
>> logstocksys 5f4dcc3b5aa765d61d8327deb882cf99
>>
>> Show us some statements.
>>
>>
>> >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com> 2007-03-01
>> 16:02 >>>
>>
>> Just another thing.
>>
>> Why md5 function return a different string from user role of postgresql ?
>>
>> It allways put an md5 string concated with another sequence of string.
>>
>> Why does it occurs ?
>> Ezequias
>>
>> 2007/3/1, Ezequias Rodrigues da Rocha <ezequias.rocha@gmail.com>:
>> > I know it. Thank you so much.
>> >
>> > Ezequias
>> > Grettings from Brazil.
>> >
>> > 2007/3/1, Bart Degryse <Bart.Degryse@indicator.be>:
>> > >
>> > >
>> > > update yourtable set passwordfield = md5(passwordfield)
>> > >
>> > > watch out: md5 is irreversable! you can't "un_md5"
>> > >
>> > >
>> > > >>> "Ezequias Rodrigues da Rocha" <ezequias.rocha@gmail.com>
>> 2007-03-01
>> > > 15:08 >>>
>> > >
>> > > John,
>> > >
>> > > That was what I was looking for for a long time.
>> > >
>> > > Now I will change my teller password account to md5.
>> > >
>> > > Could someone suggest me how to change all passwords (PLAIN) to md5 ?
>> > >
>> > > My real best regards
>> > > Ezequias
>> > >
>> > > 2007/3/1, John DeSoi <desoi@pgedit.com>:
>> > > > MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
>> > > > hash passwords. For example:
>> > > >
>> > > > select md5('this is my password');
>> > > >
>> > > > md5
>> > > > ----------------------------------
>> > > > 210d53992dff432ec1b1a9698af9da16
>> > > > (1 row)
>> > > >
>> > > >
>> > > >
>> > > > On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
>> > > >
>> > > > > Thanks Andrej. But how can I use such algoritms in postgresql?
>> arey
>> > > > > they defined in a function that I can call?
>> > > > >
>> > > > > Or, do I have to code one of those algorithm to use it in my
>> > > > > application?
>> > > >
>> > > >
>> > > >
>> > > > John DeSoi, Ph.D.
>> > > > http://pgedit.com/
>> > > > Power Tools for PostgreSQL
>> > > >
>> > > >
>> > > > ---------------------------(end of
>> > > broadcast)---------------------------
>> > > > TIP 9: In versions below 8.0, the planner will ignore your
>> desire to
>> > > > choose an index scan if your joining column's datatypes
>> do not
>> > > > match
>> > > >
>> >
>>
>>
>> --
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>> Atenciosamente
>> (Sincerely)
>> Ezequias Rodrigues da Rocha
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> A pior das democracias ainda é melhor do que a melhor das ditaduras
>> The worst of democracies is still better than the better of dictatorships
>> http://ezequiasrocha.blogspot.com/
>>
>
>
--
Shane Ambler
pgSQL@Sheeky.Biz
Get Sheeky @ http://Sheeky.Biz
On Thursday 01 March 2007 8:53 am, Ezequias Rodrigues da Rocha wrote:
> I am just passing the database owner password (postgresql
> autentication) to the statement:
>
> Select md5('the password I have in my mind') and compare with the
> password pgAdmin3 shows me.
>
> They are completely different.
>
> Ezequias
>
<Snip>
Try select md5('password'||'user')
The generated hash is a combination of the password and the user name.
--
Adrian Klaver
aklaver@comcast.net
Perfect ! That's it.
Another information I doesn't have. Great to be part of this list.
Thank you
Adrian
2007/3/1, Adrian Klaver <aklaver@comcast.net>:
> On Thursday 01 March 2007 8:53 am, Ezequias Rodrigues da Rocha wrote:
> > I am just passing the database owner password (postgresql
> > autentication) to the statement:
> >
> > Select md5('the password I have in my mind') and compare with the
> > password pgAdmin3 shows me.
> >
> > They are completely different.
> >
> > Ezequias
> >
> <Snip>
> Try select md5('password'||'user')
> The generated hash is a combination of the password and the user name.
> --
> Adrian Klaver
> aklaver@comcast.net
>
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Atenciosamente
(Sincerely) Ezequias Rodrigues da
Rocha=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A pior das democracias ainda é melhor do que a melhor das ditaduras
The worst of democracies is still better than the better of dictatorships
http://ezequiasrocha.blogspot.com/
Thanks for your anwers. They have been very useful.
Thanks again.
----- Mensaje original ----
De: John DeSoi <desoi@pgedit.com>
Para: Eugenio Flores <eflores767003@yahoo.com.mx>
CC: Andrej Ricnik-Bay <andrej.groups@gmail.com>; PostgreSQL <pgsql-sql@postgresql.org>
Enviado: jueves, 1 de marzo, 2007 5:25:28
Asunto: Re: [SQL] How to store a password encripted in a user defined table
De: John DeSoi <desoi@pgedit.com>
Para: Eugenio Flores <eflores767003@yahoo.com.mx>
CC: Andrej Ricnik-Bay <andrej.groups@gmail.com>; PostgreSQL <pgsql-sql@postgresql.org>
Enviado: jueves, 1 de marzo, 2007 5:25:28
Asunto: Re: [SQL] How to store a password encripted in a user defined table
MD5 is built-in to PostgreSQL. It is what PostgreSQL itself uses to
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
hash passwords. For example:
select md5('this is my password');
md5
----------------------------------
210d53992dff432ec1b1a9698af9da16
(1 row)
On Mar 1, 2007, at 6:06 AM, Eugenio Flores wrote:
> Thanks Andrej. But how can I use such algoritms in postgresql? arey
> they defined in a function that I can call?
>
> Or, do I have to code one of those algorithm to use it in my
> application?
John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
Do You Yahoo!? La mejor conexión a Internet y 2GB extra a tu correo por $100 al mes. http://net.yahoo.com.mx