Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

postgresql: how to store a user password?

I'm using play-framework 2.0 (java web-framework) with postgresql.

  1. what encryption type for a user's password is the most common today? I understood that MD5 has been abounded in the last few years.
  2. what is the right data-type for field "password" in User class (and therefore, in the postgresql DB)?

thanks

like image 499
socksocket Avatar asked Aug 20 '12 15:08

socksocket


People also ask

How does postgres store passwords?

PostgreSQL database passwords are separate from operating system user passwords. The password for each database user is stored in the pg_authid system catalog. Passwords can be managed with the SQL commands CREATE ROLE and ALTER ROLE, e.g., CREATE ROLE foo WITH LOGIN PASSWORD 'secret' , or the psql command \password .

Does postgres user have password?

Login and Connect as Default User For most systems, the default Postgres user is postgres and a password is not required for authentication.

How do I encrypt passwords with PostgreSQL?

CREATE EXTENSION pgcrypto; INSERT INTO users (email, password) VALUES ( '[email protected]', crypt('johnspassword', gen_salt('bf')) ); SELECT id FROM users WHERE email = '[email protected]' AND password = crypt('johnspassword', password); We have seen how to solve the Encrypt Password Postgresql with various examples.

What is the data type for password in PostgreSQL?

This module implements a data type chkpass that is designed for storing encrypted passwords. Each password is automatically converted to encrypted form upon entry, and is always stored encrypted.


1 Answers

You want to hash the password, not encrypt it (See this question for more details). The current recommended approach is to use an adaptive hashing algorithm, like bcrypt. jBcrypt is a solid Java implementation that you can use.

As for DB type, you can safely just treat it as a string.

like image 97
Oleksi Avatar answered Sep 20 '22 16:09

Oleksi