Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the datatype for a password in PostgreSQL?

Tags:

types

database

postgresql

I read that there are datatypes which do encryption so passwords are secured in your database.

I use at the moment varchar to store passwords. I have had the idea that I should somehow apply a SHA-512 function to the password and put that data somewhere such that the plain text password is removed.

However, the datatype in Perl suggests me that there are a better way in PostgreSQL than varchar.

What is the datatype for a password in PostgreSQL?

like image 266
Léo Léopold Hertz 준영 Avatar asked Jul 29 '09 13:07

Léo Léopold Hertz 준영

People also ask

What is the datatype for password?

NIST (in the U.S.) recommends sha-256 or higher. Since a hashing algorithm always produces a value of set length you will need 256 bits to store this sha-256 hashed password.

Is there a password type in SQL?

MySQL server uses the PASSWORD function to encrypt MySQL passwords for storage in the Password column of the user grant table. The value returned by the PASSWORD function is a hashed string, or NULL if the argument was NULL. The PASSWORD function accepts one parameter which is the string to be encrypted.

What is default postgres password?

Login and Connect as Default User For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first login and connect as the postgres user.

How do I encrypt passwords with PostgreSQL?

When creating a new user, we can use the crypt function to encrypt the password. INSERT INTO users (email, password) VALUES ( '[email protected]', crypt('johnspassword', gen_salt('bf')) ); The crypt function accepts two arguments: The password to encrypt.

1 Answers

Jeff has a good article titled You're Probably Storing Passwords Incorrectly. This article discusses various ways of storing passwords in databases, and some of the common pitfalls that you may run into. In particular, it discusses the use of hashing algorithms, rainbow tables, and the use of "salt" to reduce the risk of a compromised password file.

The use of the varchar data type is perfectly suitable for storing a properly hashed password. For example, here is part of my actual account record from a production database:

=> select account_id, email, salt, passhash from account where email = '[email protected]';  account_id |      email       |       salt       |                 passhash                  ------------+------------------+------------------+------------------------------------------           1 | [email protected] | GFR9uT4N4Tzl3vnK | 2c2bf00079a6d49a8f7fb17cefb52fdb41a4b043 (1 row)

In this case, passhash is the hex representation of the SHA-1 of the salt concatenated with my password.

like image 85
Greg Hewgill Avatar answered Oct 09 '22 07:10

Greg Hewgill
Sign in to Comment

Related questions

Connecting postgresql with sqlalchemy
SQL query to select distinct row with minimum value
In Mongo, how do I pretty-print results so .find() looks like .findOne()
How to delete duplicate rows without unique identifier
Strange PostgreSQL "value too long for type character varying(500)"
Detecting database tampering, is it possible?
What is caching?
When should I use Datomic?
When shouldn't you use a relational database? [closed]
OSError: [Errno 18] Invalid cross-device link
How to check if two data frames are equal [duplicate]
WooCommerce: Finding the products in database
Firestore: How to get random documents in a collection
Alias for column names in Rails
What do scale and precision mean when specifying a decimal field type in Doctrine 2?
MySQL vs PostgreSQL? Which should I choose for my Django project?
Laravel: How to get last N entries from DB
LocalDateTime remove the milliseconds
SQLite - ORDER BY RAND()
Two phase commit

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!