Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

postgresql: how to store a user password?

Tags:

java

security

web-applications

postgresql

playframework-2.0

I'm using play-framework 2.0 (java web-framework) with postgresql.

  1. what encryption type for a user's password is the most common today? I understood that MD5 has been abounded in the last few years.
  2. what is the right data-type for field "password" in User class (and therefore, in the postgresql DB)?

thanks

like image 499
socksocket Avatar asked Aug 20 '12 15:08

socksocket

People also ask

How does postgres store passwords?

PostgreSQL database passwords are separate from operating system user passwords. The password for each database user is stored in the pg_authid system catalog. Passwords can be managed with the SQL commands CREATE ROLE and ALTER ROLE, e.g., CREATE ROLE foo WITH LOGIN PASSWORD 'secret' , or the psql command \password .

Does postgres user have password?

Login and Connect as Default User For most systems, the default Postgres user is postgres and a password is not required for authentication.

How do I encrypt passwords with PostgreSQL?

CREATE EXTENSION pgcrypto; INSERT INTO users (email, password) VALUES ( '[email protected]', crypt('johnspassword', gen_salt('bf')) ); SELECT id FROM users WHERE email = '[email protected]' AND password = crypt('johnspassword', password); We have seen how to solve the Encrypt Password Postgresql with various examples.

What is the data type for password in PostgreSQL?

This module implements a data type chkpass that is designed for storing encrypted passwords. Each password is automatically converted to encrypted form upon entry, and is always stored encrypted.

1 Answers

You want to hash the password, not encrypt it (See this question for more details). The current recommended approach is to use an adaptive hashing algorithm, like bcrypt. jBcrypt is a solid Java implementation that you can use.

As for DB type, you can safely just treat it as a string.

like image 97
Oleksi Avatar answered Sep 20 '22 16:09

Oleksi
Sign in to Comment

Related questions

ajaxStatus for specific component only
java method returning an instance of Class<T extends Somethng>
difference between FSDirectory and MMap Directory?
General-purpose distributed scheduling library for Java [closed]
How do you set and pass a parameter to a BIRT report created by the BIRT Report Designer through the BIRT API?
What does String.substring exactly do in Java?
Index a MySQL database with Apache Lucene, and keep them synchronized
Test MultipartFormData in Play 2.0 FakeRequest
Loading with ResourceBundle from inside a jar
Java Custom Drag and Drop in JPanel
Replace a checked exception with a runtime exception?
Integrate Google Chrome browser into eclipse
Why doesn't Java allow enum to be defined within a method? [duplicate]
Generating the same random number in Java and Python
Synchronization on "this" or private Object in Java? [duplicate]
Exception in finalize method [duplicate]
How can we get exact time to load a page using Selenium WebDriver?
Disable Home Button in Homescreen app?
Protected nested class not accessible to derived classes in other package
Overflow and range checking for arithmetic operations

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!