473,626 Members | 3,063 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

db security (md5)

I wanted to use md5 authentication method for my pg db. I was initially
using a trust method and I noticed when I switched to md5 I had to assign a
password to the user postgres as it was created without one. Here do I pass
an md5 encrypted string? Also everytime I connect via perl's DBI do I have
to pass it the encrypted string (if so which perl module for md5 encryption
is the best to use?)
I was confused as to whether I should create the password encrypted or
whether postgres saves it encrypted.
Sally

_______________ _______________ _______________ _______________ _____
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ma*******@postg resql.org

Nov 23 '05 #1
2 2197
On Mon, 19 Apr 2004, Sally Sally wrote:
I wanted to use md5 authentication method for my pg db. I was initially
using a trust method and I noticed when I switched to md5 I had to assign a
password to the user postgres as it was created without one. Here do I pass
an md5 encrypted string? Also everytime I connect via perl's DBI do I have
to pass it the encrypted string (if so which perl module for md5 encryption
is the best to use?)
I was confused as to whether I should create the password encrypted or
whether postgres saves it encrypted.
Sally


The md5 stuff should be handled by the database and the connection layer
invisibly to you. i.e. when I use php, if it's set to md5 auth, I just
use a connect string like this:

$connect = pg_connect("hos t=myserver name=bubba password=secret word");

and I'm in. Same goes for setting the password via psql or whatnot:

alter user test with password 'abc';
select * from pg_shadow;
(SNIP)
test | 103 (SNIP) | md5f7dc2e193794 0bb8486274edc88 cc3c5
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Nov 23 '05 #2
"Sally Sally" <de*****@hotmai l.com> wrote:

I wanted to use md5 authentication method for my pg db. I was initially
using a trust method and I noticed when I switched to md5 I had to assign a
password to the user postgres as it was created without one. Here do I pass
an md5 encrypted string?
No. md5 just refers to the way it's stored in pgsql.
Also everytime I connect via perl's DBI do I have
to pass it the encrypted string (if so which perl module for md5 encryption
is the best to use?)
See above.
I was confused as to whether I should create the password encrypted or
whether postgres saves it encrypted.


The latter.

Jim

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddres sHere" to ma*******@postg resql.org)

Nov 23 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
3686
crypt() and md5()
by: | last post by:
I'm curious how these two functions work together (when crypt() uses a md5 algo). Currently I know they will produce different output; is this due to the salt being used behind-the-scenes in md5()? Is there a way to allow crypt() and md5() to produce identical output or am I misunderstanding the purpose of both the functions. Thanks
PHP
3
1478
PHP Session security
by: Troot | last post by:
Hi all, I previously logged a question asking how to automatically log a user into Apache Basic Authentication without displaying the standard username/password dialog from the browser. I have since come to realise this is not possible, I'll have to use my own system with session cookies etc. Kewl My question now is, if I'm managing the login with php sessions, whats to stop somebody coming along and directly accessing an image...
PHP
2
1505
Security question
by: JamesB | last post by:
I am half way through making a site you can only do certain stuff if logged in to. So far, you are logged in if there is a session variable with your username, but I got thinking that presumably someone who worked this out could make a cookie file with this info in and pretend to be another user. So... what's the recommended way? I thought of storing an MD5 hash of the login time in the session and in the database too, then on each...
PHP
2
1186
security question
by: zuhans | last post by:
hello, i'm very new to postgres and have a fundamental question. how do i make a pg-db most secure? i feel, that pg_user e.g. ist something very dangerous - isn't it? if someone hacks into a db, then he has lots of information at his/her fingertips. is this so? what do i do to prevent my db from beeing hacked?
PostgreSQL Database
2
2413
User Login & Application Security
by: Patrick Blackman | last post by:
Hi, need some info on implementing a multiuser winforms application, specifically managing user logins and user preferences & access rights. Are there any frameworks out there for this. I don't want to use windows identity system. Any pointers would be appreciated.
C# / C Sharp
5
1585
about high security field
by: Suresh | last post by:
Hi All I am designing DB2 database. I have some entities each has nearly 40-60 attributes. Each of these entity (table) have password, some other information as high security attribute. So should i create new entity which hold password data for all entity or should I place password data in respective entity.In each case i will encrypt password. in both cases what will be effect with respect to performance and security. Each entity...
DB2 Database
0
1138
Security - 3DES and RC2
by: tshad | last post by:
I have been trying to create encoding/decoding functions for secure Credit Card information. I was looking at 3DES/MD5 and RC2/MD5. I found a simple function that seemed to work pretty well, but I am confused as to what is happening. In the routine I found it was using the TripleDESCryptoServiceProvider (and not the RC2CryptoServiceProvider) class. But in the CryptDeriveKey, it was
Visual Basic .NET
4
6975
System.Security.Cryptography.MD5.Create( ??? )
by: Jonathan Wood | last post by:
Does anyone know why the documentation for System.Security.Cryptography.MD5.Create() seems to omit completely any description of allowed arguments. I'm trying to convert some C++ code to C# and seem to be getting different MD5 results. If other algorithms are available, maybe that is related to the problem I'm having. But the docs for this method don't tell me anything about what algorithms are supported? Thanks.
C# / C Sharp
6
6293
System.Security.Cryptography.CryptographicException; bug in .NET 1.1 ?
by: andrew | last post by:
Hi, I have a web service application written in C# .NET 1.1 using MD5CryptoServiceProvider.ComputeHash(Byte) The problem is that after a while(web service processes requests) the call throws CryptographicException "the parameter is incorrect" Here's the stack trace: System.Security.Cryptography.CryptographicException: The parameter is
C# / C Sharp
0
8262
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8196
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
8637
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
7192
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
5571
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
4090
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
4196
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2623
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
1
1807
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us